Article Applies To:
Gen5: NSA E8510, E8500, E7500,
NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA
2400MX, NSA 220, NSA 220W NSA 240, NSA 250M, NSA250MW
Gen5 TZ Series: TZ 100, TZ 100W, TZ 105, TZ 105W TZ 200, TZ 200W, TZ 205, TZ 205W TZ 210, TZ 210W,TZ 215, TZ 215W
For Failover & Load Balancing (LB), from SonicOS Enhanced 5.6 onwards unlimited WAN members are supported:
Primary WAN Ethernet Interface
Alternate WAN #1
Alternate WAN #2
Alternate WAN #3
LB Members added to a LB Group take on certain “roles.” A member can only work in one of
the following roles:
one member can be the Primary per Group. This member always appears
first or at the top of the Member List. Note that although a group can
be configured with an empty member list, it is impossible to have
members without a Primary.
Alternate—More than one member can be an Alternate, however, it is not possible to have a Group of only Alternate members.
Last-Resort—Only one member can be designed as Last-Resort. Last-Resort can only be configured with other group members.
Each member in a group has a rank. Members are displayed in descending order of rank. The
rank is determined by the order of interfaces as they appear in the Member List for the group.
The order is important in determining the usage preferences of the Interfaces, as well as the
level of precedence within the group. Thus, no two interfaces within a group will have the same
or equal rank; each Interface will have a distinct rank.
Step 1: Configure Wan Failover Load balancing
1. On the
Network > Failover & LB page, under settings check the options
Enable Load Balancing and
Respond to Probes .
Groups, Click Configure for
Default LB Group .
Enable Load Balancing : If
enabled, allows the user to access the LB Groups and LB Statistics
section of the FLB configuration. If disabled, the LB Groups and LB
Statistics are greyed-out and LB function is not performed.
Respond to Probes: This is independent of the “Enable
Load Balancing” checkbox. Even if “Enable Load Balancing” is disabled,
“Respond to Probes” can be enabled and can function properly. When
“Respond to Probes” is enabled on the device, the device can reply to
probe request packets that arrive on any of its interfaces.
Any TCP-SYN to Port:-This
configuration takes a TCP port parameter to further specify what kind
of probe request packets will be processed. When enabled, the device
only responds to TCP probe request packets having the same packet
destination address TCP port number as the configured value e.g. 12345.
Add LB Group button is grayed out, currently we only support the
Default LB Group and future releases will support multiple.
Edit LB Group Windows is displayed, Under the
general tab select the type of
load balancing method
Group members: From the list of available WAN interface select the interfaces that has to participate in the failover function.
first interface added is the Primary. Succeeding additions will add the
interface to the tail of the member list giving them lower rank.
Type (or method) of LB
the type of LB from the dropdown list (Basic Active/Passive Failover,
Round Robin, Spillover-Based, or Percentage-Based).
Basic Active/Passive Failover:
The WAN interfaces use ‘rank’ to determine the order of preemption when the
Preempt and failback to preferred interfaces when possible
checkbox has been enabled. Only a higher-ranked interface can preempt an Active WAN interface
Final Back-Up:- The Final Back-Up
interface is used IF and ONLY IF there are no other interfaces Available
in the group. It is for FAILOVER only and always gets preempted by
other members. Only one interface can be selected as a last-resort
interface, but it is not required for any LB Group to have a Final
Back-Up. The rule of preemption (enable/disable) does not apply to a
Final Back-Up interface; preemption enable/disable only applies to
Primary and Alternates. A Final Back-Up interface is never used for LB,
so it does not take a percentage in Ratio, never gets selected in RR,
and never gets Spillover traffic.
This option now
allows the user to re-order the WAN interfaces for Round Robin
selection. The order is as follows: Primary WAN, Alternate WAN #1,
Alternate WAN #2, and Alternate WAN #3; the Round Robin will then repeat
back to the Primary WAN and continue the order.
bandwidth threshold applies to the Primary WAN. Once the threshold is
exceeded, new traffic flows are allocated to the Alternates in a Round
Robin manner. Once the Primary WAN bandwidth goes below the configured
threshold, Round Robin stops, and outbound new flows will again be sent
out only through the Primary WAN.
Note that existing flows will remain associated with the Alternates (since they are already cached) until they timeout normally.
are now four fields so that percentages can be set for each WAN in the
LB group. To avoid problems associated with configuration errors, please
ensure that the percentage correctly corresponds to the WAN interface
set the individual percentages of the member interfaces, an input box
beside the member list is provided for the percentage value. The total
of the percentage settings should be 100.
Use Source and Destination IP Address Binding:
When you are using percentage-based load balancing, this checkbox
enables you to maintain a consistent mapping of traffic flows with a
single outbound WAN interface, regardless of the percentage of traffic
through that interface.
Note: When one of the WAN interface goes down the new connections will flow through the available WAN interfaces.
Step 2: Configure Probing
1. Once the Load Balancing method is selected, go to the
On the probing tab the following options are available
Check Interface—The interval of health checks in units of seconds
Deactivate Interface—After a series of failed health checks, the interface sets to “Failover”
Reactivate Interface—After a series of successful health checks, the interface sets to “Available”
Note: Probe responder.global.sonicwall.com on all interfaces in this group
- when enabled,
it causes the Per-member Probe Settings to be greyed-out and automatically set to this fixed setting:
Logical/Probe Monitoring" enabled
Probe succeeds when Main Target responds” is selected
Main Target is set to TCP, host responder.global.sonicwall.com, TCP port 50000
Alternate Target is greyed-out
Default Target IP is set to 220.127.116.11
Note: Probe responder.global.sonicwall.com o
this checkbox is selected, the rest of the probe configuration will
automatically enable built-in settings. The same probe will be applied
to all four WAN Ethernet interfaces. Note that the Dialup WAN probe
setting also defaults to the built-in settings
2. Navigate to the
Network >Failover & LB screen, and expand the Default LB Group ;
Notice that the member interfaces have grayed-out Configure buttons
Default LB Group
and go to the Probing tab;
Disable the option
“Probe responder.global.sonicwall.com on all interfaces in this group ” ; hit
Network > Failover & LB screen, and
Default LB Group ; Notice that the member interfaces now have usable Configure buttons
Configuration the settings depending upon the requirement.