dual WAN setup with Kerio Connect (best practices using a dual WAN setup for Kerio Connect)

Messages: 50
Karma: 1
I'm looking at options and opinions about running Kerio Connect with 2 internet connections.

We have a client that has a very fast but very unreliable internet connection, and a second "backup" internet connection that is very, very slow... but more reliable. This second, slow connection is set to kick in only when the main line goes down (fail-over mode in the router).

I posted about this in the router fora too; check here for more info:
http://community.ubnt.com/t5/EdgeMAX/Block-mailserver-SMTP-OUT-on-WAN2-but-allow-SMTP-IN-on-WAN2/m-p/1681600

My (limited) understanding is that making incoming email work is not a big deal (basically, make a second MX record for the 2nd WAN IP).
But for outgoing it is not really possible/feasible/advisable to do due to DNS complications (but I have no clue, to be honest).

Does anyone have experience or insights about running Kerio Connect and 2 internet connections?

Kerio/GFI Brian

Messages: 852
Karma: 90
It should be ok to send outgoing mail through both. With email delivery, consider that reliability is more important than speed. Both connections should use a reputable (business class) IP address with a valid reverse DNS record. If you use SPF, make sure both IPs are defined in your DNS configuration.

Brian Carmichael
Instructional Content Architect

Messages: 59
Karma: 3
You could consider using a smarthost like SendGrid or Mailgun. That way it doesn't matter which IP you send from because your email will always come from the smart host. Just make sure you set up SPF correctly whichever route you decide to go down.

If you've got users connecting from the outside to webmail or with mobile devices, you'll have to think about how you want to handle that. One option would be to create two A records called mail.domain.com (one for each connection's IP), and then that way, depending on how your router handles it, "in theory" your users wouldn't see any downtime.

Messages: 210
Karma: 38
Actually this is less of a Kerio and more of a DNS problem.

First - as Brian said - you need a static IP address per WAN link. For forward DNS you set the main IP as MX1, the second one as MX2 - something like "mail.yourdomain.de" and "mail-backup.yourdomain.de".

Then you have to check with your ISP that the reverse DNS (that thing that makes numbers to names) is configured, so if you resolve the IP of the main link it returns mail.yourdomain.de, the other IP to mail-backup.yourdomain.de - or whatever domains you wanna use :)

The only thing you have to configure in Kerio is the SPF record. Just google for SPF generator, there are many out there for this task.

So a server can deliver the mails, resolve the addresses you have given and check them against SPF.

I strongly recommend http://mxtoolbox.com for checking if the SPF, DNS, mail server etc. work like they should.

Messages: 154
Karma: 16
We use DNS Made Easy's Failover to allow clients to fail over to the backup IP if the main IP goes down; if it detects the server is not available on the main IP, it will set DNS for mail.domain.com to the backup IP. Make sure reverse DNS for both IPs is set the same.

Inbound mail uses multiple MX records as mentioned above.

- Brian
Kerio Preferred Partner, Reseller & Hosting Provider
Unified Technology Solutions
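
The DNS checks recommended across this thread (an MX host per WAN link, reverse DNS that resolves back to the sending IP, and an SPF record covering both addresses) can be audited together. The following is an added example, not code from any poster or from Kerio; the domain, IP addresses and record table are constructed, and the SPF evaluation is simplified to the `ip4`/`ip6`, `a` and `mx` mechanisms.

```python
import ipaddress

# Constructed sample records (documentation IP ranges, example.com); not from the thread.
DNS = {
    "MX":  {"example.com": [(10, "mail.example.com"), (20, "mail-backup.example.com")]},
    "A":   {"mail.example.com": ["192.0.2.10"], "mail-backup.example.com": ["198.51.100.20"]},
    "PTR": {"192.0.2.10": "mail.example.com", "198.51.100.20": "mail-backup.example.com"},
    # Deliberate gap: only the primary WAN address is listed in SPF.
    "TXT": {"example.com": "v=spf1 ip4:192.0.2.10 -all"},
}

def spf_permits(domain, ip, dns):
    """Simplified SPF check: ip4/ip6, a and mx only (no include:/redirect=)."""
    addr = ipaddress.ip_address(ip)
    for term in dns["TXT"].get(domain, "").split()[1:]:
        if term[0] in "-~?":          # fail/softfail/neutral terms never authorize
            continue
        term = term.lstrip("+")
        if term.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return True
        elif term == "a" and ip in dns["A"].get(domain, []):
            return True
        elif term == "mx":
            hosts = [h for _, h in dns["MX"].get(domain, [])]
            if any(ip in dns["A"].get(h, []) for h in hosts):
                return True
    return False

def audit(domain, wan_ips, dns):
    """Return {ip: [problems]} for each WAN address the server may send from."""
    report = {}
    mx_hosts = [h for _, h in dns["MX"].get(domain, [])]
    for ip in wan_ips:
        problems = []
        ptr = dns["PTR"].get(ip)
        if ptr is None:
            problems.append("no reverse DNS (PTR) record")
        elif ip not in dns["A"].get(ptr, []):
            problems.append("PTR name does not resolve back to this IP")
        if not any(ip in dns["A"].get(h, []) for h in mx_hosts):
            problems.append("no MX host points at this IP")
        if not spf_permits(domain, ip, dns):
            problems.append("SPF record does not authorize this IP")
        report[ip] = problems
    return report

if __name__ == "__main__":
    for ip, problems in audit("example.com", ["192.0.2.10", "198.51.100.20"], DNS).items():
        print(ip, "OK" if not problems else problems)
```

With the constructed records, the backup address passes the MX and reverse DNS checks but is flagged for SPF, which is the failure that only shows up once the router has failed over.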
Current Time: Sat Nov 17 16:37:13 CET 2018

Total time taken to generate the page: 0.83354 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.