User's Manual
Table Of Contents
- WatchGuard® Firebox® X Edge User Guide
- Certifications and Notices
- Declaration of Conformity
- Notice to Users
- WatchGuard Firebox Software
- End-User License Agreement
- Copyright, Trademark, and Patent Information
- Limited Hardware Warranty
- Abbreviations Used in this Guide
- CHAPTER 1 Introduction to Network Security
- CHAPTER 2 Installing the Firebox® X Edge
- CHAPTER 3 Configuration and Management Basics
- CHAPTER 4 Changing Your Network Settings
- Using the Network Setup Wizard
- Configuring the External Network
- Configuring the Trusted Network
- Configuring the Optional Network
- Enabling the optional network
- Changing the IP address of the optional network
- Using DHCP on the optional network
- Setting optional network DHCP address reservations
- Configuring the optional network for DHCP relay
- Using static IP addresses for optional computers
- Adding computers to the optional network
- Requiring encrypted connections
- Making Static Routes
- Viewing Network Statistics
- Registering with the Dynamic DNS Service
- Enabling the WAN Failover Option
- Enabling External Modem Failover
- CHAPTER 5 Setting up the Firebox X Edge Wireless
- CHAPTER 6 Configuring Firewall Settings
- CHAPTER 7 Configuring Logging
- CHAPTER 8 Configuring WebBlocker
- CHAPTER 9 Configuring Virtual Private Networks
- CHAPTER 10 Configuring the MUVPN Client
- CHAPTER 11 Managing the Firebox® X Edge
- Viewing Current Sessions and Users
- About User Authentication
- Adding or Editing a User Account
- About Seat Licenses
- Selecting HTTP or HTTPS for Firebox Management
- Changing the HTTP Server Port
- Setting up VPN Manager Access
- Updating the Firmware
- Activating Upgrade Options
- Enabling the Model Upgrade Option
- Configuring Additional Options
- Viewing the Configuration File
- APPENDIX A Firebox®X Edge Hardware
- Index
Changing Your Network Settings
64 WatchGuard Firebox X Edge
Enabling the WAN Failover Option
The WAN Failover option adds redundant support for the external
interface. With this option, the Firebox® X Edge starts a connection
through the WAN2 port when the primary external interface (WAN1)
can not send traffic. Companies use this option if they must have a
constant connection. You must get a second Internet connection to
use this option.
It is not necessary to configure new services to use this option. The
failover interface uses the same services and network properties as
the external interface.
The Firebox uses two methods to find out if the external interface is
functional:
• The status of the link to the nearest router
• A ping command to a specified location
The Firebox pings the default gateway or a computer specified by
the administrator. If there is no reply, the Firebox changes to the
secondary external network interface (WAN2).
When you enable the WAN Failover, the Firebox does the following:
• If the WAN1 interface connection stops, the Firebox starts to
use WAN2 interface.
• If the WAN2 interface connection stops, the Firebox starts to
use the WAN1 interface.
• If the WAN1 interface and the WAN2 interface stop, the Firebox
tries the 2 interfaces until it makes a connection.
When the WAN2 is in use, the Firebox does not switch back to the
WAN1 port unless PPPoE is used to assign IP addresses. After the
Firebox switches to the WAN2 port, the administrator must change
the configuration back to the WAN1 port when the connection is
restored.
If you use PPPoE, you can set an inactivity timeout that disables
inactive TCP connections during periods of inactivity. See “If your
ISP uses PPPoE” on page 48 for PPPoE configuration information. If
your external connection fails, the WAN2 port connection is started
and used. The WAN2 port is used until the TCP connection becomes
inactive (timeout). When the traffic continues, the Firebox connects