Using Source and Destination IP Address Binding with Percentage-Based WAN Failover and LB
07/11/2023 59 People found this article helpful 402,639 Views
Description
SonicOS: Using Source and Destination IP Address Binding with Percentage-Based WAN Failover and Load Balancing
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
While WAN Load Balancing addresses performance challenges, it can create other problems, including losing track of sessions. Session confusion can occur when applications fail to adequately track multiple user sessions load-balanced on multiple interfaces. These applications treat incoming packets as originating from different users because they use IP addresses to differentiate user sessions instead of application-layer user identification tags.
To ensure that you have proper connectivity in all applications, SonicWall provides a feature called Source and Destination IP Addresses Binding, a solution that maintains a consistent mapping of traffic flows with a single outbound WAN interface. Follow these steps to enable source and destination IP address binding when Percentage-Based load balancing is used:
- Select Network | System | Failover & LB.
- Enable the option "Use Source and Destination IP Address Binding".
- Click OK.
NOTE: This method uses only the source IP address and the destination IP address to determine when to bind a connection to a single interface and ignores all other information, such as source and destination TCP port numbers.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
While WAN Load Balancing addresses performance challenges, it can create other problems, including losing track of sessions. Session confusion can occur when applications fail to adequately track multiple user sessions load-balanced on multiple interfaces. These applications treat incoming packets as originating from different users because they use IP addresses to differentiate user sessions instead of application-layer user identification tags.
To ensure that you have proper connectivity in all applications, SonicWall provides a feature called Source and Destination IP Addresses Binding, a solution that maintains a consistent mapping of traffic flows with a single outbound WAN interface. Follow these steps to enable source and destination IP address binding when Percentage-Based load balancing is used:
- Select Manage | Network | Failover & Load Balancing.
- Enable the "Use Source and Destination IP Address Binding" check box.
- Click OK.
NOTE: This method uses only the source IP address and the destination IP address to determine when to bind a connection to a single interface and ignores all other information, such as source and destination TCP port numbers.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
While WAN Load Balancing addresses performance challenges, it can create other problems, including losing track of sessions. Session confusion can occur when applications fail to adequately track multiple user sessions load-balanced on multiple interfaces. These applications treat incoming packets as originating from different users because they use IP addresses to differentiate user sessions instead of application-layer user identification tags.
To ensure that you have proper connectivity in all applications, SonicWall provides a feature called Source and Destination IP Addresses Binding, a solution that maintains a consistent mapping of traffic flows with a single outbound WAN interface. Follow these steps to enable source and destination IP address binding when Percentage-Based load balancing is used:
- Select Network | Failover & LB.
- Enable the "Use Source and Destination IP Address Binding" check box.
- Click OK.
NOTE: This method uses only the source IP address and the destination IP address to determine when to bind a connection to a single interface and ignores all other information, such as source and destination TCP port numbers.
Related Articles
Categories