Hello,
I have the product Hap ac2. I also have 2 ISP services. Some websites(Banks) do not allow 2 ISP. How should I set up for these sites? Thans
Re: One Web Site 2 ISP
Can you post your configuration without any sensitive data so we can check how your routing is set up as well as let us know what you are trying to achieve with the dual isp I.e fail over, load balancing etc/
The issue sounds like we might be using both ISP's to send out traffic going to the same connection so secure sites like banking wont like that, depending on how this is currently set up we can either fix this in the routing table (preferred) or do some packet marking through the firewall to guide the traffic out the right ISP.
The issue sounds like we might be using both ISP's to send out traffic going to the same connection so secure sites like banking wont like that, depending on how this is currently set up we can either fix this in the routing table (preferred) or do some packet marking through the firewall to guide the traffic out the right ISP.
Re: One Web Site 2 ISP
@AidanAus ask configuration, not screenshot...
Re: One Web Site 2 ISP
In firewall create address-list with hostnames (not addresses) of banks.
Create rule in firewall mangle prerouting dst address list=banks-list, set action mark routing and new routing mark to_WAN1
Create rule in firewall mangle prerouting dst address list=banks-list, set action mark routing and new routing mark to_WAN1
Re: One Web Site 2 ISP
how do we get i'm so new@AidanAus ask configuration, not screenshot...
Re: One Web Site 2 ISP
another site?In firewall create address-list with hostnames (not addresses) of banks.
Create rule in firewall mangle prerouting dst address list=banks-list, set action mark routing and new routing mark to_WAN1
Re: One Web Site 2 ISP
Sorry I am not that active here
you can export the configuration by opening a terminal and using the export command, note you can use file="file name" to put some outputs into files and the export command has options like hide-sensitive that might be usefull for this.
You can also get into the submenu you would like to export so ip/firewall export just to export the firewall menu for instance.
you can export the configuration by opening a terminal and using the export command, note you can use file="file name" to put some outputs into files and the export command has options like hide-sensitive that might be usefull for this.You can also get into the submenu you would like to export so ip/firewall export just to export the firewall menu for instance.
Re: One Web Site 2 ISP
I dont understand the concern.
If you have a session where you access your bank account the hapac is not going to switch in the middle of a session your WAN connection.
If you have a session where you access your bank account the hapac is not going to switch in the middle of a session your WAN connection.
Re: One Web Site 2 ISP
I think the issue of the topic author is something to do with NAT, he is probably telling us that the public IP represent outside his network is rotating probably ECMP or PCC or anything that make rotate his IP that lead to some application like HTTPS for banks is tearing down his connection.
Please attached actual config so that some people here might be able to help you
Please attached actual config so that some people here might be able to help you
Re: One Web Site 2 ISP
if you are usingPCC
Per connection classifier
set theValuesToHashtosrc-address
set theValuesToHashtosrc-address
Re: One Web Site 2 ISP
PCC does not mean change IP in the middle of a session.
Perhaps and more likely and rather bizarre, his bank only excepts connections from a customer for ONE IP address.
Seems stupid in an era of dynanic WANIPs being available. As stated do not understand.
In any case, the goal is to keep the mangling the same for a particular destination IP address ( assuming at least the bank WANIP is fixed/static ).
Perhaps and more likely and rather bizarre, his bank only excepts connections from a customer for ONE IP address.
Seems stupid in an era of dynanic WANIPs being available. As stated do not understand.
In any case, the goal is to keep the mangling the same for a particular destination IP address ( assuming at least the bank WANIP is fixed/static ).
Who is online
用户s browsing this forum:DarkRabbitand 19 guests