Support Training: WAN Failover and Load-Balancing

Lab Guide

Table of Contents
1. Purpose...............................................................................................................................................2
2. Procedure...........................................................................................................................................2
a. Configure Secondary WAN interface..........................................................................................2
b. Enable Load Balancing...................................................................................................................2
c. Configure Load Balancing.............................................................................................................3
d. Configure Probing..........................................................................................................................4
e. About Source and Destination IP Address Binding....................................................................6
f. How to test.....................................................................................................................................7

SONICWALL, Inc. Confidential Page 1 of 9

 Support Training: WAN Failover and Load-Balancing
Lab Guide

1. Purpose

WAN Failover and Load Balancing allows you to designate the one of the user-assigned interfaces as a
Secondary or backup WAN port. The secondary WAN port can be used in a simple active/passive setup,
where traffic is only routed through the secondary WAN port if the primary WAN port is down and/or
unavailable.

2. Procedure

Your SonicWall will typically have multiple interfaces that can be used for ISP connections.  In the image
below the typical LAN(X0) and WAN(X1) interfaces are likely already being used for your first ISP/WAN
and your LAN.  For this example, I used interface X3 for my second ISP.  If it is available, then plug your
second ISP’s uplink cable there.

a. Configure Secondary WAN interface

b. Enable Load Balancing

Go to Network -> Failover &LB, The Enable Load Balancing option must be enabled for the user
to access the LB Groups and LB Statistics sections of the Failover & Load Balancing configuration.
If disabled, no options for Failover & Load Balancing are available to be configured. This option is
enabled by default.

SONICWALL, Inc. Confidential Page 2 of 9

 Support Training: WAN Failover and Load-Balancing
Lab Guide

Note: It is recommended that Load Balancing be enabled at all times, even if there is only one WAN.

c. Configure Load Balancing

1) Enable load balancing by checking the “Enable Load Balancing” check box, then under
“Groups”, find the “Default LB Group” and click the Configure / Pencil button for the
Default LB Group.

2) At this point, you will need to choose a “Type” for this Load Balancer.  There are 4 types to
choose from:

 Basic Failover – Probes the internet on both interfaces, but all traffic goes through
your primary.  If the primary goes down, traffic goes through secondary.

 Round Robin – Traffic goes equally over both ISP interfaces.  If one goes down, all
traffic goes through the one that is still up.

 Spill-over – All traffic up to a specified MBPS rating goes through the primary ISP
interface, traffic over the threshold goes through the secondary ISP interface.

 Ratio – When both ISP interfaces are up, traffic goes through each using a specified
ratio that we configure adding up to 100% (70-30, 60-40, etc…)

3) Make your “Type” choice.  I chose “round robin” which makes the options you see below.  I
then chose the X3 interface and added it to the Selected Interface Pool on the right using
the “Add >>” button.  

4) Your options will be slightly different depending on the “type” choice you chose above.  

5) For Spill-over, you will choose how much bandwidth to use on the primary before spilling
traffic over to the secondary interface.

SONICWALL, Inc. Confidential Page 3 of 9

 Support Training: WAN Failover and Load-Balancing
Lab Guide
6) If you chose ratio, you will decide what percentage of the total traffic to send over each
interface.

d. Configure Probing

1) Probing is what is used to detect if an ISP is up and operational or not.  We tell it how
frequently to check the interface, how many failures it takes to deactivate the
interface, and how many successful checks to make before reactivating the interface
again.

2) We also can check the “Probe responder.global.SonicWall.com on all interfaces in this

group” to have it probe the SonicWall system through each interface for the probe.
Set these the way you want and then click Ok.  This will bring you back to the Failover
and LB page.

SONICWALL, Inc. Confidential Page 4 of 9

 Support Training: WAN Failover and Load-Balancing
Lab Guide

3) Difference between probing enabled in global vs interface level:

4) Probe enabled in interface level:

SONICWALL, Inc. Confidential Page 5 of 9

 Support Training: WAN Failover and Load-Balancing
Lab Guide

i. Select the type of probing to be done:

1. Physical Monitoring Only (default; all other options are dimmed)

2. Logical/Probe Monitoring enabled – all other options become

available.

ii. From the Logical/Probe Monitoring enabled drop-down menu, select when
the probe succeeds:

1. Probe succeeds when either Main Target or Alternate Target

responds.

2. Probe succeeds when both Main Target and Alternate Target

respond.

3. Probe succeeds when Main Target responds.

4. Succeeds Always (no probing). – Default; all other options are

dimmed.

iii. From the Main Target drop-down menu, select:

 Ping (ICMP)

 TCP (default)

SONICWALL, Inc. Confidential Page 6 of 9

 Support Training: WAN Failover and Load-Balancing
Lab Guide
 In the Main Target Host field, enter the host name. The
default is responder.global.SonicWall.com

 In the Main Target Port field, enter the applicable port. The
default is 50000.

iv. NOTE: The Alternate Target options are available only when Probe succeeds
when either Main Target or Alternate Target responds or Probe succeeds
when both Main Target and Alternate Target respond is selected for
Logical/Probe Monitoring enabled.

v. In the Default Target IP field, enter the IP address of the default target.

1. This option is dimmed if Succeeds Always (no probing) is selected for

Logical/Probe Monitoring enabled.

2. An IP Address of 0.0.0.0 or a DNS resolution failure uses the

configured Default Target IP.

e. About Source and Destination IP Address Binding

5) When you establish a connection with a WAN, you can create multiple interfaces,
dividing up the task load over these interfaces. There are both Primary and Secondary
WAN interfaces. This task distribution model maintains high performance, ensuring
that one interface does not become an impasse to the point where it blocks traffic
from passing. This process is WAN Load Balancing.

SONICWALL, Inc. Confidential Page 7 of 9

 Support Training: WAN Failover and Load-Balancing
Lab Guide
6) While WAN Load Balancing addresses performance challenges, it can create other
problems, including losing track of sessions. Session confusion can occur because
some applications fail to adequately track multiple user sessions load-balanced on
multiple interfaces. These applications treat incoming packets as originating from
different users because they use IP addresses to differentiate user sessions instead of
application-layer user identification tags,

7) To ensure that you have proper connectivity in all applications, SonicWall provides a
feature called Source and Destination IP Addresses Binding, a solution that maintains
a consistent mapping of traffic flows with a single outbound WAN interface.

SONICWALL, Inc. Confidential Page 8 of 9

 Support Training: WAN Failover and Load-Balancing
Lab Guide
f. How to test

SONICWALL, Inc. Confidential Page 9 of 9