Hello,
I’m going into a new datacenter and am trying to figure out how to configure an RB-1100AHx2. They’re supplying me with a redundant WAN connection (A and B connections). I’ve attached a graphic of what the layout should look like. I have redundant switches, but at the time only one router. This will change in the coming months, as I’ll add a second router for redundancy.
Objective
To transparently filter traffic going to live servers, and also to supply Internet to a LAN with an IPSEC tunnel.
Proposed architecture
We have each datacenter connection going into each switch (connection A into switch 1, connection B into switch 2). They will be tagged on VLAN 2. They will go from each switch into the RB-1100AHx2 (switch 1/vlan2 → eth1, switch 2/vlan2 → eth2). Then the filtered WAN comes out of the RB-1100AHx2 and goes back into the switch (eth3 → switch 1/vlan3, eth4 → switch 2/vlan3). Then the LAN comes out of the RB-1100AHx2 and goes back into the switch (eth5 → switch 1/vlan4, eth6 → switch 2/vlan4).
Problem
Initially I planned on bridging eth1, eth2, eth3, and eth4 with the Use IP Firewall feature, although I’m not sure I’m on the right track. I’m not sure if I’m right on this, but if I did that, wouldn’t I have to write 4 sets of filter rules for each service (i.e. port 80 in eth1 out eth3, in eth2 out eth3, in eth1 out eth4, in eth2 out eth4)? I think there is probably a more efficient way of accomplishing this and was hoping someone could point me in the right direction.
Thank you in advance,
Brian
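An added configuration example (not from Brian's post or from any reply) showing one way to express the bridge-plus-Use-IP-Firewall design described above without one rule per port pair: the four bridge ports are grouped into two interface lists and the filter rules match on those lists. It assumes RouterOS 6.41 or later (interface lists and the bridge-port-list matchers); the bridge, list and interface names are illustrative.

```routeros
# Added example, not from the original post. Assumes RouterOS 6.41+.
# One bridge carrying eth1-eth4; use-ip-firewall pushes bridged frames
# through /ip firewall filter (forward chain) so they can be filtered.
/interface bridge
add name=br-wan protocol-mode=rstp comment="eth1/2 WAN in, eth3/4 filtered WAN out"
/interface bridge port
add bridge=br-wan interface=ether1
add bridge=br-wan interface=ether2
add bridge=br-wan interface=ether3
add bridge=br-wan interface=ether4
/interface bridge settings
set use-ip-firewall=yes

# Group the bridge ports so a single rule covers every in/out combination
# (eth1->eth3, eth2->eth3, eth1->eth4, eth2->eth4).
/interface list
add name=WAN-UPSTREAM comment="datacenter A and B uplinks"
add name=WAN-SERVERS comment="filtered side towards the live servers"
/interface list member
add list=WAN-UPSTREAM interface=ether1
add list=WAN-UPSTREAM interface=ether2
add list=WAN-SERVERS interface=ether3
add list=WAN-SERVERS interface=ether4

# Bridged traffic arrives with in-interface=br-wan, so match on the real
# bridge port via the *-bridge-port-list matchers rather than in-interface.
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="return traffic for already accepted sessions"
add chain=forward connection-state=invalid action=drop
add chain=forward in-bridge-port-list=WAN-UPSTREAM \
    out-bridge-port-list=WAN-SERVERS protocol=tcp dst-port=80,443 \
    action=accept comment="web service to the servers"
add chain=forward in-bridge-port-list=WAN-UPSTREAM \
    out-bridge-port-list=WAN-SERVERS action=drop \
    comment="everything else from the uplinks towards the servers"
```

Each additional service is then one accept rule between the two lists, and the final drop rule stays in place regardless of how many uplink or server-side ports the lists contain.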
