WAN Failover and Load Balancing
WAN Failover enables you to configure one of the user-defined interfaces as a secondary WAN port. The secondary WAN port can be used in a simple “active/passive” setup so that traffic is routed through the secondary WAN port only if the primary WAN port is unavailable. This allows the SonicWALL to maintain a persistent connection for WAN port traffic by “failing over” to the secondary WAN port.
For a SonicWALL appliance with a WWAN interface, such as a TZ 190, you can configure failover using the WWAN interface. Failover between the Ethernet WAN (the WAN port, OPT port, or both) and the WWAN is supported through the WAN Connection Model setting.
This feature also allows you to perform simple load balancing for the WAN traffic on the SonicWALL. You can select a method of dividing the outbound WAN traffic between the two WAN ports to balance network traffic. Load balancing is currently supported only on Ethernet WAN interfaces, not on WWAN interfaces.
The SonicWALL can monitor WAN traffic using Physical Monitoring, which detects if the link is unplugged or disconnected, or Physical and Logical Monitoring, which monitors traffic at a higher level, such as upstream connectivity interruptions.
Note: Before you begin, be sure you have configured a user-defined interface to mirror the WAN port settings.
To configure the WAN Failover for a SonicWALL appliance, perform the following steps:
1. Expand the Network tree and click WAN Failover & LB. The WAN Failover & LB page displays.
2. Select the Enable Load Balancing check box.
3. Select the secondary interface(s) from the Secondary WAN Interface pull-down menu. If this is not configured, you will need to configure a WAN interface from the Network > Interfaces page.
Appliances running SonicOS Enhanced 5.5 can support up to three alternate WAN interfaces. For these appliances, the Secondary WAN Interface pull-down menu is replaced with up to three Alternate WAN pull-down menus. The pull-down menu will contain all interfaces configured as WAN interfaces.
4. Specify how often the SonicWALL appliance will check the interface (5-300 seconds) in the Check interface every field (default: 5 seconds).
5. Specify the number of times the SonicWALL appliance tests the interface as inactive before failing over in the Deactive interface after field (default: 3). For example, if the SonicWALL appliance tests the interface every 5 seconds and finds the interface inactive after 3 successive attempts, it will fail over to the secondary interface after 15 seconds.
6. Specify the number of times the SonicWALL appliance tests the interface as active before failing back to the primary interface in the Deactive interface after field (default: 3). For example, if the SonicWALL appliance tests the interface every 5 seconds and finds the interface active after 3 successive attempts, it will fail back to the primary interface after 15 seconds.
7. To configure outbound load balancing, select from the following:
– Select Basic Active/Passive Failover to enable a basic failover setup. When the primary device fails to provide a connection, it will enter standby and allow the secondary device to take over network traffic. Check the Preempt and failback to Primary WAN when possible checkbox to enable immediate failback to the primary device when available.
– Select Per Connection Round-Robin to enable a Round-Robin form of load balancing. In the 17th or 18th century, when peasants in France wanted to complain to the king using a petition, the usual reaction from the monarch was to seize the two or three people on top of that petition list and execute them. In order to stop this form of arbitrary vengeance, the names were signed in a circle at the bottom of the petition so that no one would be on top of the list. This became known as a Round-Robin. Thus, in load balancing, Round-Robin is where network requests are applied to a circular list. When the network load becomes too much, GMS acts as a monarch and picks several of the network clients from the list to execute. This process allows GMS to quickly and easily free up network resources.
– Select Spillover-based and enter a value (in Kb/sec) to enable the secondary device to serve as a load balancer. With this option selected, traffic will be re-routed to the secondary device should the primary WAN device exceed the specified bandwidth.
– Select Percentage-Based to split network traffic between the primary and secondary or alternate WAN interfaces based on your specified percentages. When using Percentage-Based load balancing, you may select the Use Source and Destination IP Addresses Binding checkbox to keep related traffic together across an interface.
   • Enter a Primary WAN Percentage and Secondary WAN Percentage that add up to 100 to divide traffic between the two WAN interfaces.
   • Appliances running SonicOS Enhanced 5.5 or above can divide traffic between up to four WAN interfaces. Enter a Primary WAN Percentage, and up to three Alternate WAN Percentage settings that add up to 100.
Timesaver: When using Percentage-Based load balancing, fill in the Primary WAN Percentage field only. The Secondary WAN Percentage field will be calculated for you.
8. The SonicWALL appliance can monitor the WAN by detecting whether the link is unplugged or disconnected, or by sending probes to the IP address of an “always available” upstream device on the WAN network, such as an ISP-side router. To enable probe monitoring, select the Enable Probe Monitoring check box and configure the following settings:
– Primary WAN Probe Settings—Select the protocol used for monitoring and enter the IP address and port (TCP only) of the probe target. If there will be an optional probe target, specify these settings also and select whether the SonicWALL appliance must test both targets or either target.
– Secondary WAN Probe Settings—Select the protocol used for monitoring and enter the IP address and port (TCP only) of the secondary probe target. If there will be an optional secondary probe target, specify these settings also and select whether the SonicWALL appliance must test both targets or either target.
– WWAN WAN Probe Settings—Select the protocol used for monitoring and enter the IP address and port (TCP only) of the WWAN probe target. If there will be an optional WWAN probe target, specify these settings also and select whether the SonicWALL appliance must test both targets or either target.
Note: TCP probing is useful if you do not have ping (ICMP) response enabled on your network devices. In this case, TCP can be used to probe the device on a user-specified port.
9. Select the Respond to Probes checkbox to enable GMS managed devices to respond to probe requests. With this option selected, you can also check the Any TCP-SYN to Port checkbox and enter a specific port to probe.
10. Click the Update button at the bottom of the page to save these settings.
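The timing rules in steps 4 to 6 and the both/either probe choice in step 8, modelled as an added example (this is not SonicWALL or GMS code). It assumes “both” means the link counts as up only when both probe targets answer and “either” means at least one answers; FailoverMonitor, simulate and SAMPLE are hypothetical names, and the probe results are constructed.

```python
from dataclasses import dataclass

@dataclass
class FailoverMonitor:
    check_interval: int = 5     # "Check interface every" (5-300 seconds)
    deactivate_after: int = 3   # failed checks in a row before failover
    reactivate_after: int = 3   # good checks in a row before failback
    require_both: bool = False  # assumption: True = both targets must answer
    primary_active: bool = True
    streak: int = 0             # consecutive checks contradicting current state

    def __post_init__(self):
        if not 5 <= self.check_interval <= 300:
            raise ValueError("check interval must be 5-300 seconds")
        if min(self.deactivate_after, self.reactivate_after) < 1:
            raise ValueError("thresholds must be at least 1")

    def check(self, main_ok, alt_ok):
        """Feed one probe cycle; return True if the primary WAN is in use."""
        ok = (main_ok and alt_ok) if self.require_both else (main_ok or alt_ok)
        if ok == self.primary_active:
            self.streak = 0          # result agrees with state: reset counter
        else:
            self.streak += 1
            limit = self.reactivate_after if ok else self.deactivate_after
            if self.streak >= limit:
                self.primary_active, self.streak = ok, 0
        return self.primary_active

def simulate(monitor, cycles):
    """Return [(seconds_elapsed, 'failover' | 'failback'), ...]."""
    events = []
    for n, (main_ok, alt_ok) in enumerate(cycles, start=1):
        before = monitor.primary_active
        after = monitor.check(main_ok, alt_ok)
        if after != before:
            events.append((n * monitor.check_interval,
                           "failback" if after else "failover"))
    return events

# Constructed probe results: (main target answered, optional target answered).
# The main target stops answering for three cycles; the optional one stays up.
SAMPLE = [(True, True), (False, True), (False, True), (False, True),
          (True, True), (True, True), (True, True)]

if __name__ == "__main__":
    print("either:", simulate(FailoverMonitor(), SAMPLE))
    print("both:  ", simulate(FailoverMonitor(require_both=True), SAMPLE))
```

With the same probe results, the “either” setting keeps the primary WAN in use while the “both” setting fails over and back, which is the trade-off to weigh when one probe target may be unreachable for reasons unrelated to the link.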
Configuring Multiple WAN Interfaces
The Multiple WAN (MWAN) feature allows the administrator to configure all but one of the appliance's interfaces for WAN network routing (one interface must remain configured for the LAN zone for local administration). All of the WAN interfaces can be probed using the SNWL Global Responder host. Multiple WAN is configured across the following sections of the UI.
Configuring Network Interfaces for Multiple WAN
The Network > Interfaces page allows more than two WAN interfaces to be configured for routing. It is possible to configure WAN interfaces in the Network Interfaces page without including them in the Failover & LB group. Only the Primary WAN Ethernet Interface is required to be part of the LB group whenever LB has been enabled. Any WAN interface that does not belong to the LB group is not included in the LB function, but performs normal WAN routing functions.
A virtual WAN interface may belong to the LB group. However, before using it within the LB group, ensure that the virtual WAN network is fully routable, like that of a physical WAN.
Routing the Default & Secondary Default Gateways for Multiple WAN
Because the gateway address objects previously associated with the Primary WAN and Secondary WAN are now deprecated, user-configured Static Routes need to be re-created in order to use the correct gateway address objects associated with the WAN interfaces. This must be configured manually as part of the firmware upgrade procedure on the Network > Routing (ENH) page.
The old address object, Default Gateway, corresponds to the default gateway associated with the Primary WAN in the LB group. The Secondary Default Gateway address object corresponds to the default gateway associated with Alternate WAN #1.
Note: After re-adding the routes, delete the old ones referring to the Default and Secondary Default Gateways.
Configuring DNS for Multiple WAN
If DNS name resolution issues are encountered with multiple WAN interfaces, you may need to select the Specify DNS Servers Manually option on the Network > DNS page and set the servers to Public DNS Servers (ICANN or non-ICANN).
Depending on your location, some DNS Servers may respond faster than others. Verify that these servers work correctly from your installation prior to using your SonicWALL appliance.