HSA supports multiple WAN connections via trunking on WAN interface (eth0), meaning traffic can go out from two different logical WAN interfaces, identified by VLANs.
NOTE: please note the differences between Multi-WAN trunking and Multi-VLAN switching.
- Two ISP connections via different VLAN coming into HSA WAN port
- ISP1 is using VLAN10, this is for Internet traffic only
- ISP2 is using VLAN20, this is for MPLS/Private traffic towards HQ/DC network, eg 172.16.2.0/24
HSA BASIC CONFIGURATION
1. Access to HSA through local connection or via mfusion portal. see details.
2. Create new VLAN and map to WAN port (Network --> Switch). Create new VLAN10 & 20. Tag each VLANID to both CPU and WAN.
- Default VLAN1 is for LAN switch ports.
- Default VLAN2 is for default WAN ports
- All vlans must tag to CPU
- Each VLANID must tag to WAN (port5)
3. Create WAN Interface to map to each VLAN (Network --> Interface),
3a. Create new interface vlan10, map to eth0.10. Use “DHCP Client” as protocol. Assign firewall zone "vlan10"
3b. Create new interface vlan20, map to eth0.20. Use “Static address” as protocol. Assign firewall zone "vlan20"
4. Configure firewall (Network --> Firewall) to permit network access (outbound from vlan10 and vlan20 to WAN).
NOTE: Also remember to check “Masquerading” and “MSS clamping” for vlan10 and vlan20, same as wan interface setting.
5. Configure static route (Network --> “Static Route) to access to HQ/DC network! 172.16.2.0/24 nexthop 220.127.116.11!