Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Policy Based Routing and WAN Load Balancing Example on SonicOS 7.X and SonicOS Enhanced

12/20/2021 458 People found this article helpful 203,964 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Resolution for SonicOS 7.X

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

    The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface needs to be setup and configured with the settings from your ISP.

    Configure the security appliance for load balancing by checking Enable Load Balancing on the Network | System|Failover & LB page. For this example, choose Round-Robin as the load balancing type on the Network | System|Failover & LB page. Click Apply to save your changes.

    1. Click Policy in the top navigation menu
    2. Select the Rules and Policies|Routing Rules
    3. Click the Add button. The Add Route Policy window is displayed.
    4. Create a routing policy that directs all LAN Subnet sources to Any destination for HTTP service out of the Default Gateway via the X1 interface. 
    5. Click on Save to save the policy.
      Image
      Image

    6. Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the X9 Default Gateway via the X9 interface.
      Image
      Image

    These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and force all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.

    To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web sites WhatIsMyIP.com  If the HTTP route policy is functioning correctly, site will the primary WAN interface’s IP address and not the secondary WAN interface.

    To test the Telnet policy-based route, telnet to route-server.exodus.net and, when logged in, issue the who command. It should display the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.


    Resolution for SonicOS 6.5

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

     

     

    Procedure:

    The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface (say, X3 or if a Gen4 TZ device, OPT) needs to be setup and configured with the settings from your ISP. Next, configure the security appliance for load balancing by checking Enable Load Balancing on the Manage | Network | Failover & Load Balancing page. For this example, choose Per Connection Round-Robin as the load balancing method on the Manage | Network | Failover & Load Balancing page. Click Apply to save your changes on the Manage | Network | Failover & Load Balancing page.

    1. Click Manage in the top navigation menu
    2. Select the Network | Routing page.
    3. Under Route Policies
    4. Click the Add button under the Route Policies table. The Add Route Policy window is displayed.
    5. Create a routing policy that directs all LAN Subnet sources to Any destination for HTTP service out of the Default Gateway via the X1 interface. 
    6. Click on OK to save the policy
      Image
    7. Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the X9 Default Gateway via the X9 interface.

    Image

    These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and force all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.

    To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web sites WhatIsMyIP.com . If the HTTP route policy is functioning correctly, site will  display the primary WAN interface’s IP address and not the secondary WAN interface.

    To test the Telnet policy-based route, telnet to route-server.exodus.net and, when logged in, issue the who command. It should display the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.

     

    Resolution for SonicOS 6.2 and Below

    The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

     

     

    Procedure:

    The following example walks you through creating a route policy for two simultaneously active WAN interfaces. For this example, a secondary WAN interface (say, X3 or if a Gen4 TZ device, OPT) needs to be setup and configured with the settings from your ISP. Next, configure the security appliance for load balancing by checking Enable Load Balancing on the Network > WAN Failover & LB page. For this example, choose Per Connection Round-Robin as the load balancing method on the Network > WAN Failover & LB page. Click Apply to save your changes on the Network > WAN Failover & LB page.

    1. Select the Network > Routing page.
    2. Click the Add button under the Route Policies table. The Add Route Policy window is displayed.
    3. Create a routing policy that directs all LAN Subnet sources to Any destination for HTTP service out of the Default Gateway via the X1 interface. 
      Image
    4. Create a second routing policy that directs all LAN Subnet sources to Any destinations for Telnet service out of the X3 Default Gateway via the X3 interface.

    Image

    These two policy-based routes force all sources from the LAN subnet to always go out the primary WAN when using any HTTP-based application, and force all sources from the LAN subnet to always go out the backup WAN when using any Telnet-based application.

    To test the HTTP policy-based route, from a computer attached to the LAN interface, access the public Web sites WhatIsMyIP.com If the HTTP route policy is functioning correctly, site will display the primary WAN interface’s IP address and not the secondary WAN interface.

    To test the Telnet policy-based route, telnet to route-server.exodus.net and, when logged in, issue the who command. It should display the IP address (or resolved FQDN) of the WAN IP address of the secondary WAN interface and not the primary WAN interface.

     

    Related Articles

    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI
    • Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

    Categories

    • Firewalls > SonicWall NSA Series > Networking
    • Firewalls > TZ Series > Networking
    • Firewalls > SonicWall SuperMassive E10000 Series > Networking
    • Firewalls > SonicWall SuperMassive 9000 Series > Networking

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top