Configuring WAN Failover & Load-Balancing in SonicOS Enhanced (5.5 and below)

Question ID : 306
Created on 2013-07-07 at 8:05 PM
Author : Guru Corner []

Online URL :

Article Applies To:

Gen5: NSA E8510, E8500, E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400MX, NSA 220, NSA 220W NSA 240, NSA 250M, NSA250MW
Gen5 TZ series: TZ 100, TZ 100W, TZ 105, TZ 105W TZ 200, TZ 200W, TZ 205, TZ 205W TZ 210, TZ 210W,TZ 215, TZ 215W.

Gen4 PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260
Gen4 TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W


WAN Failover and Load Balancing allows you to designate the one of the user-assigned interfaces as a Secondary or backup WAN port. The secondary WAN port can be used in a simple active/passive setup, where traffic is only routed through the secondary WAN port if the primary WAN port is down and/or unavailable.


WAN Failover Caveats

WAN Failover and Load Balancing applies to outbound-initiated traffic only; it cannot be used to perform inbound Load Balancing functions, such as what a content switching or Load Balancing appliance provides.|

2. Make sure that the SonicWALL security appliance has the proper NAT policies for the Secondary WAN interface an incorrect or missing NAT Policy for the Secondary WAN port is the most common problem seen when configuring WAN Failover & Load Balancing.

3. The Primary and Secondary WAN ports cannot be on the same IP subnet; each WAN connection must be on unique IP subnets in order to work properly

4. You cannot use the WAN failover feature if you have configured the SonicWALL security appliance to use Transparent Mode in the Network > Interfaces page.



To configure WAN failover and Load Balancing following steps has to performed

Step 1. Configure an interface as Secondary WAN port


On Network > Interface page configure the chosen port to be in WAN zone, and enter in the correct address settings provided by the Secondary ISP. In the example, NSA 3500 is acquiring its secondary WAN address dynamically from ISP 2, using DHCP.

Step 2. Activate and Select WAN Failover/Load-Balancing Methods

1. On Network > WAN Failover & LB page, select Enable Load Balancing

If there are multiple possible secondary WAN interfaces, select an interface from the Alternate WAN drop down box. Select a load balancing method. By default, the SonicWALL will select Basic Active/Passive Failover as the method, but there are four load balancing methods available.

Use Source and Destination IP Address Binding: When you are using percentage-based load balancing, this checkbox enables you to maintain a consistent mapping of traffic flows with a single outbound WAN interface, regardless of the percentage of traffic through that interface.

2. Click OK

Step 3. Configuring WAN Probe Monitoring

1. On the Network > WAN Failover & Load Balancing page, under the WAN Interface Monitoring heading, check the Enable Probe Monitoring box

2. Click on the Configure button. The Configure WAN Probe Monitoring window is displayed.

3. The new option is called Probe on Primary, Alternate #1, Alternate #2, Alternate #3. When enabled, this sends TCP probe packets to the global SNWL host that responds to SNWL TCP packets,, using a target probe destination address of If disabled, only a physical link check is performed on Alternate WAN #2 and Alternate WAN #3.


4. In the Primary WAN Logical/Probe Settings menu, select one of the following options: 

 – Probe succeeds when either Main Target or Alternate Target responds 
 – Probe succeeds when both Main Target and Alternative Target respond 
 – Probe succeeds when Main Target responds 
 – Succeeds Always (no probing) 

5. Select Ping (ICMP) or TCP from the Probe Target menu. 

6. Enter the host name or IP address of the target device in the Host field. 

7. Enter a port number in the Port field

Note: If there is a NAT device between the two devices sending and receiving TCP probes, the Any TCP-SYN to Port box must be checked, and the same port number must be configured here and in  the Configure WAN Probe Monitoring window. 

8. Optionally, you can enter a default target IP address in the Default Target IP field. In case of a DNS failure when a host name is specified, the default target IP address is used. 

Note: An IP address of or a DNS resolution failure will use the Default Target IP configured. If is entered and no default target IP address is configured, the default gateway on that interface will be used. 

9. Configure the Secondary WAN Probe Settings, which provide the same options as the Primary WAN Probe Settings

10. Click OK

Back to Original Question