byorkouk
just joined
Topic Author
Posts: 4
Joined: Wed Feb 01, 2023 10:38 pm

One Web Site 2 ISP

Wed Feb 01, 2023 10:43 pm

Hello,
I have the product hAP ac2. I also have 2 ISP services. Some websites (banks) do not allow 2 ISPs. How should I set up for these sites? Thanks
 
AidanAus
Member Candidate
Posts: 177
Joined: Wed May 08, 2019 7:35 am
Location: Australia

Re: One Web Site 2 ISP

Thu Feb 02, 2023 12:58 am

Can you post your configuration without any sensitive data so we can check how your routing is set up, as well as let us know what you are trying to achieve with the dual ISP, i.e. failover, load balancing, etc.?

The issue sounds like we might be using both ISPs to send out traffic going to the same connection, so secure sites like banking won't like that. Depending on how this is currently set up, we can either fix this in the routing table (preferred) or do some packet marking through the firewall to guide the traffic out the right ISP.
 
byorkouk
just joined
Topic Author
Posts: 4
Joined: Wed Feb 01, 2023 10:38 pm

Re: One Web Site 2 ISP

Thu Feb 02, 2023 11:39 am

Image
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: One Web Site 2 ISP

Thu Feb 02, 2023 11:46 am

@AidanAus asked for the configuration, not a screenshot...
 
vaka
just joined
Posts: 22
Joined: Fri Dec 04, 2020 4:08 pm
Location: Ukraine

Re: One Web Site 2 ISP

Thu Feb 02, 2023 12:02 pm

In the firewall, create an address-list with the hostnames (not addresses) of the banks.
Create a rule in firewall mangle, chain prerouting, with dst-address-list=banks-list; set action mark-routing and new-routing-mark to_WAN1.
 
byorkouk
just joined
Topic Author
Posts: 4
Joined: Wed Feb 01, 2023 10:38 pm

Re: One Web Site 2 ISP

Thu Feb 02, 2023 12:36 pm

@AidanAus ask configuration, not screenshot...
How do we get it? I'm so new.
 
byorkouk
just joined
Topic Author
Posts: 4
Joined: Wed Feb 01, 2023 10:38 pm

Re: One Web Site 2 ISP

Thu Feb 02, 2023 12:37 pm

In firewall create address-list with hostnames (not addresses) of banks.
Create rule in firewall mangle prerouting dst address list=banks-list, set action mark routing and new routing mark to_WAN1
Another site?
 
AidanAus
Member Candidate
Posts: 177
Joined: Wed May 08, 2019 7:35 am
Location: Australia

Re: One Web Site 2 ISP

Tue Apr 04, 2023 4:41 am

Sorry, I am not that active here :) You can export the configuration by opening a terminal and using the export command. Note you can use file="file name" to put some outputs into files, and the export command has options like hide-sensitive that might be useful for this.

You can also get into the submenu you would like to export, so ip/firewall export just to export the firewall menu, for instance.
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: One Web Site 2 ISP

Tue Apr 04, 2023 4:49 am

I don't understand the concern.
If you have a session where you access your bank account, the hAP ac is not going to switch your WAN connection in the middle of a session.
 
loloski
Member Candidate
Posts: 276
Joined: Mon Mar 15, 2021 9:10 pm

Re: One Web Site 2 ISP

Tue Apr 04, 2023 6:08 am

I think the topic author's issue has something to do with NAT. He is probably telling us that the public IP that represents him outside his network is rotating, probably through ECMP or PCC or anything that makes his IP rotate, which leads some applications, like HTTPS for banks, to tear down his connection.

Please attach the actual config so that some people here might be able to help you.
 
chechito
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: One Web Site 2 ISP

Tue Apr 04, 2023 6:21 am

If you are using PCC (Per Connection Classifier),

set the ValuesToHash to src-address
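
The address-list rule from vaka's post and the PCC setting from chechito's post, written out as RouterOS commands. This is an added example, not a configuration posted in the thread; it assumes RouterOS v7, a LAN bridge named bridge, a WAN1 gateway of 192.0.2.1, two WANs, and placeholder hostnames and connection-mark names.

```routeros
# Added example. Assumed (not from the thread): RouterOS v7, LAN interface
# "bridge", WAN1 gateway 192.0.2.1, two WANs, placeholder bank hostnames,
# hypothetical connection-mark names WAN1_conn / WAN2_conn.

# Routing table and default route that marked traffic will use
/routing table
add name=to_WAN1 fib
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-table=to_WAN1

# Address list built from hostnames; RouterOS resolves each name and
# keeps the resulting dynamic entries refreshed according to the DNS TTL
/ip firewall address-list
add list=banks-list address=bank.example.com
add list=banks-list address=login.bank.example.com

# Option 1 (vaka's post): pin the listed destinations to WAN1.
# This rule has to sit above any load-balancing mangle rules;
# passthrough=no stops later prerouting mangle rules from re-marking.
/ip firewall mangle
add chain=prerouting in-interface=bridge dst-address-list=banks-list \
    action=mark-routing new-routing-mark=to_WAN1 passthrough=no \
    comment="banks always via WAN1"

# Option 2 (chechito's post): hash PCC on the source address only, so
# every connection from one LAN host leaves through the same WAN and
# the remote site always sees the same public IP for that host.
# The existing rules that turn connection marks into routing marks
# stay as they are.
/ip firewall mangle
add chain=prerouting in-interface=bridge connection-mark=no-mark \
    dst-address-type=!local per-connection-classifier=src-address:2/0 \
    action=mark-connection new-connection-mark=WAN1_conn
add chain=prerouting in-interface=bridge connection-mark=no-mark \
    dst-address-type=!local per-connection-classifier=src-address:2/1 \
    action=mark-connection new-connection-mark=WAN2_conn
```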
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: One Web Site 2 ISP

Tue Apr 04, 2023 5:37 pm

PCC does not mean change IP in the middle of a session.
Perhaps, and more likely and rather bizarre, his bank only accepts connections from a customer for ONE IP address.
Seems stupid in an era of dynamic WAN IPs being available. As stated, do not understand.

In any case, the goal is to keep the mangling the same for a particular destination IP address (assuming at least the bank WAN IP is fixed/static).
