NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
SRX5308 Load balancing with protocol binding problem
I have 3 Internet connections in load balancing mode. All outgoing traffic to a specific IP adress (mail hub) must go through specific WAN port where I have a dedicated IP address. If any other WAN p...
Hi herrmann_daniel,
Thanks for your response.
With regard to your concern, since you have 3 WAN connections, let say for example WAN1 port goes down, all of the services that are binded to it will be all down and it will not switch to any other WAN ports.
Regards,
DaneA
Netgear Community Team
So there is in fact a problem. I created a rule in Protocol Binding that says that any service from a single lan address to a single Internet address should go through a specific WAN port. I use this to send emails from our internal mail server to an Internet mail hub. This mail hub rejects all messages that do not come from a specific IP address. Checking the log of the mail hub I can see that it receives sometimes mails from one of the other WAN connections. I don't know if this happens due to connection failures on the specific WAN connection or if the Protocol Binding is not working correctly. Is there any way I can troubleshoot this further?
Hi herrmann_daniel,
Based from you have previously stated, do you have any inbound or outbound firewall rules configured on your SRX5308?
Regards,
DaneA
Netgear Community Team
- Hi, there are no outbound rules but some inbound: 1 SMTP587 ALLOW always 192.168.70.1 Any NONE WAN1 NONE Never 2 SMTP587 ALLOW always 192.168.70.1 Any NONE WAN2 NONE Never 3 SMTP587 ALLOW always 192.168.70.1 Any NONE WAN3 NONE Never 4 VNC5910 ALLOW always 192.168.70.10 Any NONE WAN1 NONE Never 5 VNC5910 ALLOW always 192.168.70.10 Any NONE WAN2 NONE Never 6 VNC5910 ALLOW always 192.168.70.10 Any NONE WAN3 NONE Never 7 HTTPS ALLOW always 192.168.70.1 Any NONE WAN1 NONE Never 8 HTTPS ALLOW always 192.168.70.1 Any NONE WAN2 NONE Never 9 HTTPS ALLOW always 192.168.70.1 Any NONE WAN3 NONE Never Below you can see part of the log from the mail hub. WAN3 of the SRX5308 has the IP 177.249.113.112 which is allowed on the mail hub. WAN1 has the IP 187.209.254.49 and is not allowed on the mail hub. Protocol binding should ensure that mail only goes through WAN3. 2015-08-31 11:24:32 ...rtinez@aesmexico.com ...rrmann@tamsys.com.mx PEDIDO 3000_651 TA... Sent 177.249.113.112 2015-08-31 11:29:01 ...abanne@aesmexico.com ...apia@giaguila.com.mx TRANSMITTAL FIRMAD... Sent 177.249.113.112 2015-08-31 11:30:04 ...rtinez@aesmexico.com ...atzin@geotest.com.mx RV: COTIZACION DE ... Sent 177.249.113.112 2015-08-31 11:34:57 ...acheco@aesmexico.com j.blancm@hotmail.com RV: Pago proyecto Sent 177.249.113.112 2015-08-31 11:39:30 ...acheco@aesmexico.com ...lupetam5@hotmail.com Rejected 187.209.254.49 2015-08-31 11:39:30 ...rtinez@aesmexico.com ...tamira@lister.com.mx Rejected 187.209.254.49 2015-08-31 11:40:54 ...acheco@aesmexico.com ...rrmann@tamsys.com.mx Rejected 187.209.254.49 2015-08-31 11:47:09 ...acheco@aesmexico.com ...lupetam5@hotmail.com RV: RELACION DE ... Sent 177.249.113.112 2015-08-31 11:48:38 ...nzalez@aesmexico.com ...no@redcomtampico.net Estudio de comunic... Sent 177.249.113.112 I allready tried with some variaton on the protocol binding rule like: - any service from local IP 192.168.70.1 that goes to 216.55.99.127 uses WAN3 - SMTP 587 from local IP 192.168.70.1 that goes to 216.55.99.127 uses WAN3 - any service from local IP 192.168.70.1 that goes to any internet address uses WAN3 But there are always some mail that go through WAN1 and are rejected therfore by the mail hub. Regards, Daniel
Hi herrmann_daniel,
It seems that the logs looks normal. But I think it would be best for you to contact Netgear Support and have a case number logged regarding your concern as well as have the logs be further analyzed. Netgear Support is open 24/7 even on holidays and weekends.
http://support.netgear.com/general/contact/
Regards,
DaneA
Netgear Community Team
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
