- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How can I route some or all WAN traffic through a backup WAN?
04/21/2022 
395 People found this article helpful
130,698 Views
Description
This article explains how to route the Internet traffic for a specific IP or subnet to use the secondary WAN.
If you would like to configure WAN Failover, the article is: How to configure Failover when there are two or more WAN Interfaces?
Static Routes are used to push traffic to the right gateway device/interface. When a SonicWall has two or more Internet Service Provider WAN Links, and you want to force only certain IP Addresses or types of traffic through one specific ISP, you must create a policy-based route to push that traffic as per requirement.
Resolution
Let's consider WAN X1 as the Primary and WAN X2 as the Secondary ISP. There is a new subnet on X3. The requirement is that all devices on the X3 subnet should use the secondary WAN X2. The same steps can be used if instead of a subnet, you only need a specific IP or group of IPs.
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
CAUTION: Remember when creating a Route that it will take effect immediately. Always make sure to have your Gateway and Interface set properly to avoid problematic routing.
- Login to the SonicWall management GUI
- Click Policy on the top bar, navigate to Rules and Policies and click Routing Rules
- Click Add to create a Static Route. In the pop-up window, there are several options available to you, all of which are important to understand.
- The Source field refers to where the traffic will be coming from. In the below example we want to apply this Route to any traffic coming from X3 subnet.
- Now, if you only need a specific IP or group of IPs to use X2 WAN, then create an address group with all the IPs needed and use it as the Source
---- Route with custom address group
- The Service field refers to the type of traffic this Route should apply to. Selecting ANY would be the best option, unless you have a specific service/port that should be using the backup WAN
- The Destination field refers to where the traffic is going. In the below example we select Any since we can't list all the destinations.
- The Interface field is what Interface the Gateway we've chosen exists on. In this case, we're using our ISP on X2, so we choose X2.
- The Gateway field is where the traffic will be sent to. In this instance, we have our Backup ISP on the X2 Interface and so we select the X2 Default Gateway.
NOTE: The Metric field refers to what weight this Route should have. The lower metric is a higher priority. In this example, we've chosen 10.
- Click Add to save the settings
If you would like the Route to work/disable upon a successful probe, Probe-Enabled Policy Based Routing Configuration please refer to Enabling Probing on Static Routes
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
CAUTION: Remember when creating a Route that it will take effect immediately. Always make sure to have your Gateway and Interface set properly to avoid problematic routing.
- Login to the SonicWall management GUI.
- Click MANAGE on the top bar, navigate to Network, and click Routing.
- Click Add to create a Static Route. In the pop-up window, there are several options available to you, all of which are important to understand.
- The Source field refers to where the traffic will be coming from. In the below example we want to apply this Route to any traffic coming from X3 subnet, as per the requirement
- The Destination field refers to where the traffic is going. In the below example we select Any since we can't list all the destinations.
- The Service field refers to the type of traffic this Route should apply to. Selecting ANY would be the best option unless you have a specific service/port that should be using the backup WAN
- The Gateway field is where the traffic will be sent to. In this instance, we have our Backup ISP on the X2 Interface and so we select the X2 Default Gateway.
- The Interface field is what Interface the Gateway we've chosen exists on. In this case, we're using our ISP on X2, so we choose X2. NOTE: The Metric field refers to what weight this Route should have. The lower metric is a higher priority. In this example, we've chosen 10.
- Now, if you only need a specific IP or group of IPs to use X2 WAN, then create an address group with all the IPs needed and use it as the Source
If you would like the Route to work/disable upon a successful probe, Probe-Enabled Policy Based Routing Configuration please refer to Enabling Probing On Static Routes.
Related Articles
- Analyzing TCP reset(RST)packets
- ‘Error sending one-time password’ encountered when connecting to NetExtender
- Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSsp series
Categories
- Firewalls > NSa Series > Networking
- Firewalls > NSv Series > Networking
- Firewalls > TZ Series > Networking
YES
NO