I am considering changing my office's internet access infrastructure to multiple ADSL lines aggregated with a link aggregator (Peplink B710).

I plan to place my existing UTM (FortiGate-100A) after the balancer.

Should I expect any problems with this configuration? I am afraid that the multi-link, multi-IP network might make the UTM block some traffic with some attack threat false positives.

Does anyone have any experience with this setup?

Variant

1 Answer

If the network traffic sessions are not stateful end-to-end across the multi-link device, through the UTM, all the way to the end-clients, then some applications may not work. In those cases, the end-point applications may wind up seeing something that looks like a session hijack attack, if multiple IPs (as the result of the multi-link device) are swapped around during any attempted user session.

user48838
  • So my fears might not be from the UTM but from the sites themselves? The Peplink unit has options to set balancing modes and rules, so I will probably set that to keep a client persistent on a single line for HTTP sessions. (Especially important for SSL) – Variant Jun 19 '11 at 09:37
  • At least one of the possible problems is that the UTM may NAT its "WAN side" which might then render unforeseen difficulties with the multi-link device, if it is designed for direct client access from its "LAN side" assessment/determination of per user sessions. – user48838 Jun 19 '11 at 09:54
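
The behaviour discussed in the answer and comments above, as an added example that is not part of the original thread: a small Python simulation comparing per-connection balancing with per-source persistence as seen by a remote site that binds sessions to the client IP, plus the effect of a UTM that NATs its WAN side in front of the balancer. The addresses, the last-octet persistence rule, and the `IpBoundSessionSite` class are assumptions made for illustration, not Peplink or FortiGate behaviour.

```python
from itertools import cycle

# Constructed sample data: public IPs of three ADSL lines (documentation range).
WAN_IPS = ["203.0.113.10", "203.0.113.20", "203.0.113.30"]

def round_robin_balancer():
    """Per-connection balancing: every new connection leaves via the next line."""
    lines = cycle(WAN_IPS)
    return lambda source_ip: next(lines)

def persistent_balancer():
    """Source persistence: one source IP always maps to the same line.
    Keyed on the last octet for readability; real devices use their own hashing."""
    return lambda source_ip: WAN_IPS[int(source_ip.rsplit(".", 1)[1]) % len(WAN_IPS)]

class IpBoundSessionSite:
    """Hypothetical remote site that pins a session cookie to the first IP it saw."""
    def __init__(self):
        self.sessions = {}

    def handle(self, cookie, public_ip):
        bound_ip = self.sessions.setdefault(cookie, public_ip)
        return "ok" if bound_ip == public_ip else "rejected"

def simulate(balancer, client_ip="192.168.1.50", connections=6):
    """One user session made of several connections, as the remote site sees it."""
    site = IpBoundSessionSite()
    return [site.handle("session-abc", balancer(client_ip)) for _ in range(connections)]

def lines_used(client_ips, utm_nat_ip=None):
    """Lines chosen by the persistent balancer; utm_nat_ip models a UTM that
    NATs its WAN side, so the balancer sees one source for every client."""
    pick = persistent_balancer()
    return {pick(utm_nat_ip or ip) for ip in client_ips}

if __name__ == "__main__":
    clients = ["192.168.1.50", "192.168.1.51", "192.168.1.52"]
    print("round-robin:", simulate(round_robin_balancer()))
    print("persistent: ", simulate(persistent_balancer()))
    print("lines, routed UTM:", sorted(lines_used(clients)))
    print("lines, NAT UTM:   ", sorted(lines_used(clients, "10.0.0.1")))
```

With persistence every connection of the session is accepted, but once the UTM hides all clients behind one address the balancer's per-source rule places every client on the same line.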