I have a Sonicwall NSA 3500 I'm configuring. It supports 1.5 Gbit of stateful traffic, but a single WAN port only supports 1 Gbit of traffic.
The NSA series firewalls don't support link aggregation. Could I, would I, should I configure round-robin WAN load balancing across two ports (which it does support)?
I have the ports to do it, both WAN ports would arrive at the same upstream switch which has a 10Gbit trunk to the router.
Why not, right? Famous last words... so I ask...
Update
It seems that this is not possible because the firewall complains that the two WAN ports must be on different subnets. Confirmation from anyone that I understand this correctly?
Load balancing is usually done on two separate subnets because it's a lot easier to keep track of traffic; many firewalls get upset if you are talking to one IP but getting replies from another in the same subnet. Plus, you lose a large part of the redundancy associated with two separate connections: you'd only have physical redundancy. What would happen if your ISP went down?
That said, even if you did have round-robin WAN set up, unless you have an AS and a range of your own IPs set up, different providers will connect you and assign you two different sets of IPs. That means having two IPs on the servers, multiple DNS entries, and many more complications on the software configuration side.
Round-robin WAN balancing is nowhere near ideal for hosting servers; it works nicely for plain connectivity, though.
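The subnet constraint from the update, and the traffic-tracking problem the answer describes, can be checked on an addressing plan before it is entered on the firewall. This is an added example, not part of either post and not SonicWall's logic: a simplified connected-route model in which the interface names and addresses are constructed samples.

```python
"""Pre-flight check for a multi-WAN plan: each WAN port needs its own subnet.

Simplified model; interface names and addresses are constructed samples
(RFC 5737 documentation ranges), not values from the post.
"""
from ipaddress import ip_address, ip_interface
from itertools import combinations


def overlapping_wan_pairs(wans):
    """Return (name_a, name_b) pairs whose connected subnets overlap.

    `wans` maps interface name -> "address/prefix". Overlap also covers
    nested prefixes such as a /25 inside a /24.
    """
    nets = {name: ip_interface(cidr).network for name, cidr in wans.items()}
    return [
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    ]


def egress_candidates(wans, next_hop):
    """Interfaces whose connected route is the longest match for next_hop.

    More than one name means the route lookup is ambiguous: traffic for a
    flow may leave on a different port than the one its state was built on.
    """
    hop = ip_address(next_hop)
    matches = [
        (ip_interface(cidr).network.prefixlen, name)
        for name, cidr in wans.items()
        if hop in ip_interface(cidr).network
    ]
    if not matches:
        return []
    longest = max(plen for plen, _ in matches)
    return sorted(name for plen, name in matches if plen == longest)


# Constructed plans: both ports in one subnet vs. one subnet per port.
SAME_SUBNET = {"wan1": "192.0.2.2/24", "wan2": "192.0.2.3/24"}
SPLIT_SUBNETS = {"wan1": "192.0.2.2/24", "wan2": "198.51.100.2/24"}

if __name__ == "__main__":
    for label, plan in (("same", SAME_SUBNET), ("split", SPLIT_SUBNETS)):
        print(label, overlapping_wan_pairs(plan), egress_candidates(plan, "192.0.2.1"))
```

With both ports in one subnet the shared gateway resolves to two equally good egress interfaces; with one subnet per port each gateway maps to exactly one.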