-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Policy Based Routing and WAN Load Balancing Example on SonicOS 7.X and SonicOS Enhanced
12/20/2021 
467 People found this article helpful
485,285 Views
Description
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface needs to be setup and configured with the settings from your ISP.
Configure the security appliance for load balancing by checking Enable Load Balancing on the Network | System|Failover & LB page. For this example, choose Round-Robin as the load balancing type on the Network | System|Failover & LB page. Click Apply to save your changes.
- Click Policy in the top navigation menu
- Select the Rules and Policies|Routing Rules
- Click the Add button. The Add Route Policy window is displayed.
- Create a routing policy that directs all LAN Subnet sources to Any destination for HTTP service out of the Default Gateway via the X1 interface.
- Click on Save to save the policy.
- Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the X9 Default Gateway via the X9 interface.
These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and force all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.
To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web sites WhatIsMyIP.com If the HTTP route policy is functioning correctly, site will the primary WAN interface’s IP address and not the secondary WAN interface.
To test the Telnet policy-based route, telnet to route-server.exodus.net and, when logged in, issue the who command. It should display the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Procedure:
The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface (say, X3 or if a Gen4 TZ device, OPT) needs to be setup and configured with the settings from your ISP. Next, configure the security appliance for load balancing by checking Enable Load Balancing on the Manage | Network | Failover & Load Balancing page. For this example, choose Per Connection Round-Robin as the load balancing method on the Manage | Network | Failover & Load Balancing page. Click Apply to save your changes on the Manage | Network | Failover & Load Balancing page.
- Click Manage in the top navigation menu
- Select the Network | Routing page.
- Under Route Policies
- Click the Add button under the Route Policies table. The Add Route Policy window is displayed.
- Create a routing policy that directs all LAN Subnet sources to Any destination for HTTP service out of the Default Gateway via the X1 interface.
- Click on OK to save the policy
- Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the X9 Default Gateway via the X9 interface.
These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and force all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.
To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web sites WhatIsMyIP.com . If the HTTP route policy is functioning correctly, site will display the primary WAN interface’s IP address and not the secondary WAN interface.
To test the Telnet policy-based route, telnet to route-server.exodus.net and, when logged in, issue the who command. It should display the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Procedure:
The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface (say, X3 or if a Gen4 TZ device, OPT) needs to be setup and configured with the settings from your ISP. Next, configure the security appliance for load balancing by checking Enable Load Balancing on the Network > WAN Failover & LB page. For this example, choose Per Connection Round-Robin as the load balancing method on the Network > WAN Failover & LB page. Click Apply to save your changes on the Network > WAN Failover & LB page.
- Select the Network > Routing page.
- Click the Add button under the Route Policies table. The Add Route Policy window is displayed.
- Create a routing policy that directs all LAN Subnet sources to Any destination for HTTP service out of the Default Gateway via the X1 interface.
- Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the X3 Default Gateway via the X3 interface.
These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and force all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.
To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web sites WhatIsMyIP.com If the HTTP route policy is functioning correctly, site will display the primary WAN interface’s IP address and not the secondary WAN interface.
To test the Telnet policy-based route, telnet to route-server.exodus.net and, when logged in, issue the who command. It should display the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.
Related Articles
- How to configure numbered VPN tunnel
- Cysurance Partner FAQ
- How can I enable Enhanced Audit Logging Support?
Categories
- Firewalls > SonicWall NSA Series > Networking
- Firewalls > TZ Series > Networking
- Firewalls > SonicWall SuperMassive E10000 Series > Networking
- Firewalls > SonicWall SuperMassive 9000 Series > Networking
YES
NO