- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Policy Based Routing and WAN Load Balancing Example on SonicOS 7.X and SonicOS Enhanced
12/20/2021 
443 People found this article helpful
50,581 Views
Description
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface needs to be setup and configured with the settings from your ISP.
Configure the security appliance for load balancing by checking Enable Load Balancing on the Network | System|Failover & LB page. For this example, choose Round-Robin as the load balancing type on the Network | System|Failover & LB page. Click Apply to save your changes.
- Click Policy in the top navigation menu
- Select the Rules and Policies|Routing Rules
- Click the Add button. The Add Route Policy window is displayed.
- Create a routing policy that directs all LAN Subnet sources to Any destination for HTTP service out of the Default Gateway via the X1 interface.
- Click on Save to save the policy.
- Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the X9 Default Gateway via the X9 interface.
These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and force all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.
To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web sites WhatIsMyIP.com If the HTTP route policy is functioning correctly, site will the primary WAN interface’s IP address and not the secondary WAN interface.
To test the Telnet policy-based route, telnet to route-server.exodus.net and, when logged in, issue the who command. It should display the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Procedure:
The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface (say, X3 or if a Gen4 TZ device, OPT) needs to be setup and configured with the settings from your ISP. Next, configure the security appliance for load balancing by checking Enable Load Balancing on the Manage | Network | Failover & Load Balancing page. For this example, choose Per Connection Round-Robin as the load balancing method on the Manage | Network | Failover & Load Balancing page. Click Apply to save your changes on the Manage | Network | Failover & Load Balancing page.
- Click Manage in the top navigation menu
- Select the Network | Routing page.
- Under Route Policies
- Click the Add button under the Route Policies table. The Add Route Policy window is displayed.
- Create a routing policy that directs all LAN Subnet sources to Any destination for HTTP service out of the Default Gateway via the X1 interface.
- Click on OK to save the policy
- Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the X9 Default Gateway via the X9 interface.
These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and force all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.
To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web sites WhatIsMyIP.com . If the HTTP route policy is functioning correctly, site will display the primary WAN interface’s IP address and not the secondary WAN interface.
To test the Telnet policy-based route, telnet to route-server.exodus.net and, when logged in, issue the who command. It should display the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Procedure:
The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface (say, X3 or if a Gen4 TZ device, OPT) needs to be setup and configured with the settings from your ISP. Next, configure the security appliance for load balancing by checking Enable Load Balancing on the Network > WAN Failover & LB page. For this example, choose Per Connection Round-Robin as the load balancing method on the Network > WAN Failover & LB page. Click Apply to save your changes on the Network > WAN Failover & LB page.
- Select the Network > Routing page.
- Click the Add button under the Route Policies table. The Add Route Policy window is displayed.
- Create a routing policy that directs all LAN Subnet sources to Any destination for HTTP service out of the Default Gateway via the X1 interface.
- Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the X3 Default Gateway via the X3 interface.
These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and force all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.
To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web sites WhatIsMyIP.com If the HTTP route policy is functioning correctly, site will display the primary WAN interface’s IP address and not the secondary WAN interface.
To test the Telnet policy-based route, telnet to route-server.exodus.net and, when logged in, issue the who command. It should display the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.
Related Articles
- How to force an update of the Security Services Signatures from the Firewall GUI
- How to upload security services signatures manually on Closed Environments?
- How to Create Gen 7 Settings File by Using the Online Migration Tool
Categories
- Firewalls > SonicWall NSA Series > Networking
- Firewalls > TZ Series > Networking
- Firewalls > SonicWall SuperMassive E10000 Series > Networking
- Firewalls > SonicWall SuperMassive 9000 Series > Networking
YES
NO