Gateway Configuration

To connect NGFW to the Internet, you need to specify the IP address(es) of one or more gateways. If connections to several Internet providers are used, several gateways must be specified. The gateway setting is specific to each cluster node.

Here is an example of a network configuration with two providers:

  • Interface eth1 with an IP address of 192.168.11.2 is connected to Internet Provider 1. To enable Internet access via this provider, a gateway with an IP address of 192.168.11.1 must be added.

  • Interface eth2 with an IP address of 192.168.12.2 is connected to Internet Provider 2. To enable Internet access via this provider, a gateway with an IP address of 192.168.12.1 must be added.

When two or more gateways exist, there are two options:

Name

Description

Traffic load balancing between gateways

Set the Balancing checkbox and assign a Weight to each gateway. In this case, all traffic destined for the Internet will be distributed between the gateways according to the weights assigned (the greater the weight, the larger the portion of traffic that passes through the gateway).

When traffic is distributed between gateways with unequal weights, the following happens:

1. A hash of the source and destination addresses is computed.

2. A gateway is selected.

The traffic is distributed based on the weights. Assume that 2 gateways are configured, and:

  • n1, n2 are the sessions that pass through the gateways;

  • w1, w2 are the gateway weights.

Then the sessions will be distributed between the gateways according to the formula n1/w1 = n2/w2.

Main gateway with failover

Select one of the gateways as the main gateway and configure the Connectivity checker by clicking the button with that name. The connectivity checker periodically verifies, using ping and at the interval specified in the settings, whether the host is accessible from the Internet. If the host ceases to be reachable, all traffic is switched to the backup gateways in the order they are listed in the console. Changing the sorting order of the displayed gateways in the current session does not affect the gateway selection process.

By default, the network connectivity checker is configured to use Google's public DNS server (8.8.8.8), but this can be changed to any other host if the administrator so desires.
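The weighted balancing described above (hash of the source and destination addresses, then gateway selection so that n1/w1 = n2/w2) can be modelled as follows. This is an added example, not NGFW's own code: the SHA-256 hash, the bucket mapping, the weights 3 and 1, and the sample sessions are assumptions made for illustration; only the gateway addresses come from the two-provider example.

```python
import hashlib
import ipaddress
from collections import Counter

# Gateway addresses are from the two-provider example on this page;
# the weights (3 and 1) are assumed for illustration.
GATEWAYS = [("192.168.11.1", 3), ("192.168.12.1", 1)]

def flow_hash(src: str, dst: str) -> int:
    """Hash of the source and destination addresses (SHA-256 is an assumption)."""
    data = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def select_gateway(src: str, dst: str, gateways=GATEWAYS) -> str:
    """Map the hash onto weight-sized buckets so that n1/w1 ~= n2/w2."""
    total = sum(weight for _, weight in gateways)
    if total <= 0:
        raise ValueError("at least one gateway needs a positive weight")
    slot = flow_hash(src, dst) % total
    for gateway, weight in gateways:
        if slot < weight:
            return gateway
        slot -= weight
    raise AssertionError("unreachable: slot is always below the total weight")

def simulate(n_sessions: int = 20000) -> Counter:
    """Count sessions per gateway for constructed LAN-to-Internet address pairs."""
    counts = Counter()
    for i in range(n_sessions):
        src = f"10.0.{(i >> 8) % 256}.{i % 256}"    # constructed client address
        dst = f"203.0.113.{(i * 7) % 254 + 1}"      # constructed server address
        counts[select_gateway(src, dst)] += 1
    return counts

if __name__ == "__main__":
    counts = simulate()
    for gateway, weight in GATEWAYS:
        n = counts[gateway]
        print(f"{gateway}: weight={weight} sessions={n} n/w={n / weight:.0f}")
```

In this model the choice depends only on the address pair, so repeated sessions between the same two hosts always leave through the same gateway.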

A gateway's status (green for available, red for unavailable) is determined as follows:

Name

Description

Connectivity checker disabled

A gateway is considered available if NGFW can obtain its MAC address using an ARP request. Internet connectivity is not checked for this gateway.

If it is not possible to determine the gateway's MAC address, it is considered unavailable.

Connectivity checker enabled

A gateway is considered available if:

  • NGFW can obtain its MAC address using an ARP request;

  • the Internet connectivity check for this gateway was successful.

Otherwise, the gateway is considered unavailable.