SG-5100 Dual WAN setup - Suggestions

Hello,

I would like to get some suggestions and thoughts. Here is my scenario.

My neighborhood is fortunate enough to be in service area for two ISPs.

I currently have a SG-5100 for ISP-A. But my neighborhood will be switching over to new ISP-B.
ISP-A is useful for my work and makes things a little bit easier. So I will be keeping ISP-A. On the SG-5100 running 22.05 I have DDNS/ACME SSL setup as well as port forwarding to some internal servers that I use.

VLAN 10 - home network (everything I use phones/tablets/pcs connects)
VLAN 30 - IoT stuff
VLAN 40 - Guest/testing
VLAN-60 - VPN
VLAN 100- management

Cisco 10 port PoE switch
APs are unifi

All vlans above ingress and egress via ISP-A.

Thought process (open to suggestions)
The SG-5100 can support dual wan so I can connect it to both ISPs. Then perform policy based routing so that only specific hosts like my work laptop on VLAN 10 - static DHCP assignment and ethernet and work server (static IP) vlan 40. Egress on ISP-B but ingress ISP-A - I have asymmetrical situation. I am ok with that (if its supported). I use DDNS/cloudflare/ACME-SSL CERT that advertises ISP-A WAN IP. I shouldnt need to do that with ISP-B though?

Another thing is that I am thinking is configuring a new vlan and just put all the devices I need in it and trunk it up to SG-5100 and use policy based routing to route the traffic to ISP-B.

last thing is that I have a SG-1100 available that I can connect and use incase and dedicate that to ISP-B. I would create a new VLAN and assign it only to the SG-1100 on 10 port switch. However ports are getting tight on it. I would prefer to use SG-5100 since it has available ports and I would have to use ports on the switch.

I wouldn’t expect an asymmetrical flow. If traffic originates internally it will flow based on your outbound policy, get NAT’d on the way out the outside interface and return traffic comes back to that IP/interface. For traffic originated outside of your network, it should hit the interface and NAT to where it needs to go and then based on the state table, go back out where it came from.

If you want redundancy for the services you are running locally, I would look into setting up GSLB so you can load balance outside traffic coming to your network.

Thanks for the response!

Just to update I have successfully setup dual WAN on the sg-5100 and have to say it is running very well. I don’t have load balancing setup but instead manually assigned certain devices and vlans to use specific WAN. I did setup gateway groups with each WAN interface acting as backup for the other. It required creating manual NAT entries do to my setup.

1 Like