Title: Configuring WAN Failover & Load-Balancing in SonicOS Enhanced (5.5 and below)

Article Applies To:

Gen5: NSA E8510, E8500, E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400MX, NSA 220, NSA 220W, NSA 240, NSA 250M, NSA 250MW
Gen5 TZ series: TZ 100, TZ 100W, TZ 105, TZ 105W, TZ 200, TZ 200W, TZ 205, TZ 205W, TZ 210, TZ 210W, TZ 215, TZ 215W

Gen4 PRO series: PRO 5060, PRO 4100, PRO 4060, PRO 3060, PRO 2040, PRO 1260
Gen4 TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W


Feature:

WAN Failover and Load Balancing allows you to designate one of the user-assigned interfaces as a Secondary or backup WAN port. The secondary WAN port can be used in a simple active/passive setup, where traffic is routed through the secondary WAN port only if the primary WAN port is down and/or unavailable.

 


WAN Failover Caveats

1. WAN Failover and Load Balancing applies to outbound-initiated traffic only; it cannot be used to perform inbound Load Balancing functions, such as what a content switching or Load Balancing appliance provides.

2. Make sure that the SonicWALL security appliance has the proper NAT policies for the Secondary WAN interface; an incorrect or missing NAT Policy for the Secondary WAN port is the most common problem seen when configuring WAN Failover & Load Balancing.

3. The Primary and Secondary WAN ports cannot be on the same IP subnet; each WAN connection must be on a unique IP subnet in order to work properly.

4. You cannot use the WAN failover feature if you have configured the SonicWALL security appliance to use Transparent Mode in the Network > Interfaces page.

 


Procedure:

To configure WAN Failover and Load Balancing, perform the following steps:

Step 1. Configure an interface as Secondary WAN port

 

On the Network > Interfaces page, configure the chosen port to be in the WAN zone and enter the correct address settings provided by the Secondary ISP. In the example, the NSA 3500 acquires its secondary WAN address dynamically from ISP 2 using DHCP.


Step 2. Activate and Select WAN Failover/Load-Balancing Methods

1. On the Network > WAN Failover & LB page, select Enable Load Balancing.

If there are multiple possible secondary WAN interfaces, select an interface from the Alternate WAN drop-down box. Select a load balancing method. By default, the SonicWALL will select Basic Active/Passive Failover as the method, but there are four load balancing methods available.

  • Basic Active/Passive Failover: When this setting is selected, the SonicWALL security appliance only sends traffic through the Secondary WAN interface if the Primary WAN interface has been marked inactive. This item has an associated "Preempt and fail back to Primary WAN when possible" checkbox. When this checkbox is selected, the SonicWALL security appliance switches back to sending its traffic across the Primary WAN interface when it resumes responding to the SonicWALL security appliance's checks.
  • Per Destination Round-Robin: When this setting is selected, the SonicWALL security appliance load balances outgoing traffic on a per-destination basis. This is a simple load balancing method and, though not very granular, allows you to utilize both links in a basic fashion. The SonicWALL security appliance needs to examine outbound flows for uniqueness in source IP and destination IP and determine which interface to send the traffic out of and accept it back on. Please note that this feature will be overridden by specific static route entries.
  • Spillover-Based: When this setting is selected, the user can specify when the SonicWALL security appliance starts sending traffic through the Secondary WAN interface. This method allows you to control when and if the Secondary interface is used. This method is used if you do not want outbound traffic sent across the Secondary WAN unless the Primary WAN is overloaded.
  • Percentage-Based: When this setting is selected, you can specify the percentages of traffic sent through the Primary WAN and Secondary WAN interfaces. This method allows you to actively utilize both Primary and Secondary WAN interfaces.

Use Source and Destination IP Address Binding: When you are using percentage-based load balancing, this checkbox enables you to maintain a consistent mapping of traffic flows with a single outbound WAN interface, regardless of the percentage of traffic through that interface.

2. Click OK

Step 3. Configuring WAN Probe Monitoring

1. On the Network > WAN Failover & Load Balancing page, under the WAN Interface Monitoring heading, check the Enable Probe Monitoring box

2. Click on the Configure button. The Configure WAN Probe Monitoring window is displayed.
 

3. The new option is called Probe responder.global.sonicwall.com on Primary, Alternate #1, Alternate #2, Alternate #3. When enabled, this sends TCP probe packets to the global SNWL host that responds to SNWL TCP packets, responder.global.sonicwall.com, using a target probe destination address of 204.212.170.23:50000. If disabled, only a physical link check is performed on Alternate WAN #2 and Alternate WAN #3.

 

4. In the Primary WAN Logical/Probe Settings menu, select one of the following options: 

 – Probe succeeds when either Main Target or Alternate Target responds 
 – Probe succeeds when both Main Target and Alternative Target respond 
 – Probe succeeds when Main Target responds 
 – Succeeds Always (no probing) 

5. Select Ping (ICMP) or TCP from the Probe Target menu. 

6. Enter the host name or IP address of the target device in the Host field. 

7. Enter a port number in the Port field.

Note: If there is a NAT device between the two devices sending and receiving TCP probes, the Any TCP-SYN to Port box must be checked, and the same port number must be configured here and in the Configure WAN Probe Monitoring window.

8. Optionally, you can enter a default target IP address in the Default Target IP field. In case of a DNS failure when a host name is specified, the default target IP address is used. 

Note: An IP address of 0.0.0.0 or a DNS resolution failure will use the Default Target IP configured. If 0.0.0.0 is entered and no default target IP address is configured, the default gateway on that interface will be used. 

9. Configure the Secondary WAN Probe Settings, which provide the same options as the Primary WAN Probe Settings

10. Click OK
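The probe-target fallback and the four success options from steps 4 to 8, modelled in Python as an added example (not SonicOS code and not part of the original article). The function and policy names, the host name and the documentation-range IP addresses are constructed for illustration, and a DNS failure with no Default Target IP is assumed to count as a failed probe.

```python
import socket

# Policy labels stand for the four menu options in step 4 (names are this example's own).
EITHER, BOTH, MAIN_ONLY, ALWAYS = "either", "both", "main", "always"

def resolve_target(host, default_target_ip=None, gateway=None, resolver=socket.gethostbyname):
    """Pick the probe destination following the notes after step 8."""
    if host == "0.0.0.0":
        return default_target_ip or gateway   # Default Target IP, else default gateway
    try:
        return resolver(host)
    except OSError:
        # DNS failure: use the Default Target IP (assumption: None means probe fails)
        return default_target_ip

def tcp_probe(ip, port, timeout=2.0):
    """Plain TCP connect from this host; a stand-in for the appliance's own probe."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def _responds(target, probe):
    return bool(target and target[0]) and probe(*target)

def wan_is_up(policy, main, alternate=None, probe=tcp_probe):
    """main/alternate are (ip, port) tuples; returns the logical state of the WAN."""
    if policy == ALWAYS:
        return True          # "Succeeds Always (no probing)"
    main_ok = _responds(main, probe)
    if policy == MAIN_ONLY:
        return main_ok
    alt_ok = _responds(alternate, probe)
    if policy == EITHER:
        return main_ok or alt_ok
    if policy == BOTH:
        return main_ok and alt_ok
    raise ValueError(f"unknown policy: {policy}")

def demo():
    """Constructed scenario: DNS is failing, main target is dead, alternate answers."""
    def no_dns(name):
        raise socket.gaierror("constructed DNS failure")
    alive = {("198.51.100.1", 80)}
    fake_probe = lambda ip, port: (ip, port) in alive
    main = (resolve_target("probe.example.net", "192.0.2.10", resolver=no_dns), 443)
    alt = (resolve_target("0.0.0.0", gateway="198.51.100.1"), 80)
    return {p: wan_is_up(p, main, alt, fake_probe) for p in (EITHER, BOTH, MAIN_ONLY, ALWAYS)}
```

In the constructed scenario only the "either" and "always" options keep the WAN marked up, which shows how the choice in step 4 decides whether a single unresponsive target triggers a failover.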

Authored by: Guru Corner on Sun, Jul 7th, 2013 at 6:00 PM
Online URL: http://kb.guru-corner.com/question.php?ID=306
