Description:

Some scenarios benefit from the redundancy of connecting the LANCOM R&S®Unified Firewall to two switches on two Ethernet interfaces. Only one of the connections is active at a time. If the current connection fails, the system changes to the other connection.

This article describes how a network can be connected redundantly to a LANCOM R&S®Unified Firewall via two Ethernet interfaces.


Requirements:

  • LCOS FX as of version 10.7 (download latest version)
  • Web browser for configuring the Unified Firewall

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox


Scenario:

  • The Unified Firewall is to be set up with the network 192.168.10.0/24 and connected redundantly via the ports eth2 and eth3.
  • The two switches are connected to each other.



Procedure:

The redundant connection can be implemented either by a bridge based on spanning tree (section 1) or by a bond interface (section 2). In both cases, some preparations are required in advance.


Preparations:

Connect to the Unified Firewall via the web interface. Go to the menu Network → Connections → Network Connections and use the “trashcan” icon to delete two unused networks so that their ports can be used for the bridge (section 1) or the bond interface (section 2).



1) Using a bridge to create a redundantly connected network:

This method cannot be combined with VLANs, because that would require MSTP, which LCOS FX does not support. If VLANs are a requirement, you have to use the bond interface method described in section 2.

1.1) Navigate to the menu Network → Interfaces → Bridge Interfaces and click on the “+” icon to create a bridge interface.

1.2) Enter two free ports (see Preparations), activate the Spanning Tree Protocol and click Create.

1.3) Change to the menu Network → Connections → Network Connections and click on the “+” icon to assign an IP address to the bridge created in step 1.2.

1.4) Modify the following parameters and then click Create:

  • Name: Enter a descriptive name (in this example Redundant-Network).
  • Interface: From the drop-down menu, select the bridge created in step 1.2 (in this case br0).
  • IP Addresses: Enter an IP address in CIDR notation (Classless Inter Domain Routing) that the network should have (in this example 192.168.10.254/24).

1.5) Click the icon Create a network to create a network object.

1.6) Modify the following parameters and then click Create:

  • Name: Enter a descriptive name (in this example Redundant-Network).
  • Interface: From the drop-down menu, select the bridge created in step 1.2 (in this case br0).
  • Network IP: Enter the network address of the IP address created in step 1.4 in CIDR notation (in this example 192.168.10.0/24).

For this network, you can then use the packet filter to create firewall rules that allow access to other networks and to the Internet. This is described in the following Knowledge Base article:

LANCOM R&S®Unified Firewall: Configuring the packet filter

1.7) Finally, implement the changes by clicking Activate.

The connected switches then have to be configured for spanning tree. The procedure for the different LANCOM switch models is described in the following Knowledge Base articles:

Configuring RSTP on a GS-23xx series switch

Configuring RSTP on a GS-3xxx series switch (LCOS SX 4.00)

Configuring RSTP on a switch with LCOS SX 5.xx

If you operate switches from a different manufacturer, please consult the documentation or contact the manufacturer.



2) Using a bond interface to create a redundantly connected network:

2.1) Navigate to the menu Network → Interfaces → Bond Interfaces and click on the “+” icon to create a new interface.

2.2) Modify the following parameters and then click Create:

  • Mode: From the drop-down menu, select the option Active-Backup (Bridge). Data is transferred over the first interface in the list. If this fails, the system changes to the next interface in the list. If the original interface becomes available again, the connection remains on the interface that took over the communication. 
  • Ports: Enter two free ports (see Preparations).

2.3) Navigate to the menu Network → Interfaces → VLAN Interfaces and click on the “+” icon to assign a VLAN to the bond interface.

2.4) For the Master Interface, select the bond interface created in step 2.2, enter the necessary VLAN tag, and click Create.

Repeat this step for additional VLANs, if applicable.

2.5) Change to the menu Network → Connections → Network Connections and click on the “+” icon to assign an IP address to the bond interface created in step 2.2.

2.6) Modify the following parameters and then click Create:

  • Name: Enter a descriptive name (in this example Redundant-Network).
  • Interface: From the drop-down menu, select the bond interface created in step 2.2 (in this case bond0).
  • IP Addresses: Enter an IP address in CIDR notation that the network should have (in this example 192.168.10.254/24).

2.7) Click the icon Create a network to create a network object.

2.8) Modify the following parameters and then click Create:

  • Name: Enter a descriptive name (in this example Redundant-Network).
  • Interface: From the drop-down menu, select the bond interface created in step 2.2 (in this case bond0).
  • Network IP: Enter the network address of the IP address created in step 2.6 in CIDR notation (in this example 192.168.10.0/24).

For this network, you can then use the packet filter to create firewall rules that allow access to other networks and to the Internet. This is described in the following Knowledge Base article:

LANCOM R&S®Unified Firewall: Configuring the packet filter

2.9) Finally, implement the changes by clicking Activate.
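
After activation, the failover can be verified for either method (bridge or bond) by pinging the firewall address while the active link is unplugged. The following script is an added example, not part of the original article or LANCOM tooling; it assumes a Linux host in 192.168.10.0/24 with iputils ping, and the embedded ping output is constructed sample data.

```shell
#!/bin/sh
# Added example (not LANCOM code): size the outage of a link failover from ping output.
# Assumption: Linux iputils ping format, i.e. reply lines "... bytes from ...: icmp_seq=N ...".

# Constructed sample: the active link is pulled after probe 3, replies resume at probe 7.
sample_ping_output() {
  cat <<'EOF'
PING 192.168.10.254 (192.168.10.254) 56(84) bytes of data.
64 bytes from 192.168.10.254: icmp_seq=1 ttl=64 time=0.41 ms
64 bytes from 192.168.10.254: icmp_seq=2 ttl=64 time=0.39 ms
64 bytes from 192.168.10.254: icmp_seq=3 ttl=64 time=0.40 ms
From 192.168.10.20 icmp_seq=4 Destination Host Unreachable
64 bytes from 192.168.10.254: icmp_seq=7 ttl=64 time=0.52 ms
64 bytes from 192.168.10.254: icmp_seq=8 ttl=64 time=0.38 ms
64 bytes from 192.168.10.254: icmp_seq=9 ttl=64 time=0.40 ms
--- 192.168.10.254 ping statistics ---
9 packets transmitted, 6 received, +1 errors, 33.3333% packet loss, time 1609ms
EOF
}

# Print the longest run of consecutive lost probes read from stdin.
# Only real replies count; ICMP error lines also carry icmp_seq and are skipped.
longest_gap() {
  awk '
    /bytes from/ && match($0, /icmp_seq=[0-9]+/) {
      seq = substr($0, RSTART + 9, RLENGTH - 9) + 0
      if (seen && seq - prev - 1 > max) max = seq - prev - 1
      prev = seq; seen = 1
    }
    /packets transmitted/ { tx = $1 + 0 }
    END {
      # Probes lost after the last reply mean the link never recovered.
      if (!seen) max = tx
      else if (tx - prev > max) max = tx - prev
      print max + 0
    }'
}

# Exit status 0 if at most $1 consecutive probes were lost (threshold is your choice).
failover_ok() {
  gap=$(longest_gap)
  [ "$gap" -le "$1" ]
}

echo "sample: longest gap = $(sample_ping_output | longest_gap) probes"
# Live use from a host in 192.168.10.0/24 while unplugging the active link:
#   ping -i 0.2 -c 150 192.168.10.254 | longest_gap
```

With a probe interval of 0.2 s, each lost probe corresponds to roughly 0.2 s of outage; repeat the test for the second link to confirm that the switchover works in both directions.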
