Can Watchgurard XTM 520 support 2nd network drop?

Question

I need a bit of advice here.

We are having 2 XTM 520 firewall configured in HA by a consultant previously. The FW are connected to a 100 mbps network drop currently.

I have taken over the work but I am not too familiar with the FW.

We are planning to upgrade to a faster network (1Gbps).

There are two options:

1) keep both 100mbps and 1Gbps (only migrate some servers which are network heavy to the new network drop)

2) migrate everything over (required IP changes for all servers)

2 is definitely doable except that there will be more IP config changes.

But I would like to know if 1 is possible too for XTM 520? Basically I want to know if XTM 520 able to support 2 network drops concurrently?

Thanks a lot!

basically its external connection to the internet provided by the ISP — ledmirage, Mar 31 '13 at 01:35

score 0 · Answer 1 · answered Apr 12 '13 at 17:10

It can, the feature is called "Multi-WAN".

You need the additional license for "Fireware Pro" to enable it, but you will have this already because you have the HA clustering.

In the Network -> Interfaces menu in Policy Manager, you need to set more than one interface to be enabled and set to "Type: External", and then go to Network -> Configuration -> Multi-WAN tab for further configuration.

Routing-table is the most versatile setting, make sure both interfaces are ticked. Configure a ping destination so the firewall can tell if one of the connections fails.

After that, in every policy/firewall rule, you can choose which interface the traffic leaves the firewall on, and whether to failover if the connection drops.

Can Watchgurard XTM 520 support 2nd network drop?

1 Answers1