5.3. Gateway Configuration

To connect UserGate to the Internet, you need to specify the IP address(es) of one or more gateways. A gateway is configured for each virtual router that needs Internet access. For more details on using virtual routers, see the section Virtual Routers.

Note

The gateway setting is specific to each cluster node.

If connections to several Internet providers are used, several gateways must be specified. Here is an example of a network configuration with two providers:

Interface port1 with an IP address of 192.168.11.2 is connected to Internet Provider 1. To enable Internet access via this provider, a gateway with an IP address of 192.168.11.1 must be added.
Interface port2 with an IP address of 192.168.12.2 is connected to Internet Provider 2. To enable Internet access via this provider, a gateway with an IP address of 192.168.12.1 must be added.

When two or more gateways exist, there are two options:

Name	Description
Traffic load balancing between gateways	Set the Balancing checkbox and assign a Weight to each gateway. In this case, all traffic destined for the Internet will be distributed between the gateways according to the weights assigned (the greater the weight, the larger portion of the traffic will pass through the gateway). When traffic is distributed between gateways with unequal weights, the following happens: A hash of the source and destination addresses is computed. A gateway is selected. The traffic is distributed based on the weights. Assume that 2 gateways are configured, and: n1, n2 are the sessions that pass through the gateways; w1, w2 are the gateway weights. Then the sessions will be distributed between the gateways according to the formula n1/w1 = n2/w2.
Main gateway with failover	Select one of the gateways as the main and configure the Connectivity checker by clicking the button with that name. The connectivity checker periodically verifies (using ping) if the host is accessible from the Internet with the interval specified in the settings and, if the host ceases to be reachable, switches all traffic to the backup gateways in the order they are listed in the console. By default, the network connectivity checker is configured to use Google's public DNS server (8.8.8.8), but this can be changed to any other host if the administrator so desires.

Name

Description

Traffic load balancing between gateways

Set the Balancing checkbox and assign a Weight to each gateway. In this case, all traffic destined for the Internet will be distributed between the gateways according to the weights assigned (the greater the weight, the larger portion of the traffic will pass through the gateway).

When traffic is distributed between gateways with unequal weights, the following happens:

A hash of the source and destination addresses is computed.
A gateway is selected.

The traffic is distributed based on the weights. Assume that 2 gateways are configured, and:

n1, n2 are the sessions that pass through the gateways;
w1, w2 are the gateway weights.

Then the sessions will be distributed between the gateways according to the formula n1/w1 = n2/w2.

Main gateway with failover

Select one of the gateways as the main and configure the Connectivity checker by clicking the button with that name. The connectivity checker periodically verifies (using ping) if the host is accessible from the Internet with the interval specified in the settings and, if the host ceases to be reachable, switches all traffic to the backup gateways in the order they are listed in the console.

By default, the network connectivity checker is configured to use Google's public DNS server (8.8.8.8), but this can be changed to any other host if the administrator so desires.

A gateway's status (green for available, red for unavailable) is determined as follows:

Scenario	Description
Connectivity checker disabled	A gateway is considered available if UserGate can obtain its MAC address using an ARP request. Internet connectivity is not checked for this gateway. If it is not possible to determine the gateway's MAC address, it is considered unavailable.
Connectivity checker enabled	A gateway is considered available if: UserGate can obtain its MAC address using an ARP request. Internet connectivity check for this gateway was successful. Otherwise, the gateway is considered unavailable.

Scenario

Description

Connectivity checker disabled

A gateway is considered available if UserGate can obtain its MAC address using an ARP request. Internet connectivity is not checked for this gateway.

If it is not possible to determine the gateway's MAC address, it is considered unavailable.

Connectivity checker enabled

A gateway is considered available if:

UserGate can obtain its MAC address using an ARP request.
Internet connectivity check for this gateway was successful.

Otherwise, the gateway is considered unavailable.

You are here

Search form

5.3. Gateway Configuration