412-385-5000

SonicWALL Dual ISP Failover/Redundancy
By: Andre Ainsworth

Customers who view their Internet access as a critical component to their business should consider having more than one Internet Service Provider at any site considered a priority. In order to best leverage multiple ISPs, the Dell SonicWALL team makes it relatively simple to configure a firewall with ISP failover capabilities.

Key Points

  • This guide references a SonicWALL device running SonicOS Enhanced 5.8.1.6-4o
  • Lower-end SonicWALL devices only support two ISPs
  • We will assume both ISPs provide IP addressing via DHCP

Configuration Steps

  1. Log in to the SonicWALL device, click the “Wizards” button toward the upper right of the window. Select “PortShield Interface Wizard” then click the “Next>” button.SonicWALL Dual ISPSonicWALL Dual ISP
  2. Select “WAN/OPT/LAN Switch”, then click the “Next>” button.SonicWALL Dual ISP
  3. After seeing the Configuration Summary screen, you can now click the “Apply” button. Afterwards, close the popup window.SonicWALL Dual ISP
  4. At the main screen and within the left-side menu bar, select “Network”, then “Interfaces”. Next, referencing the “X2” interface, click the button that looks like a pencil under the “Configure” column.SonicWALL Dual ISP
  5. Change the “Zone:” field to “WAN”, then click “OK”.SonicWALL Dual ISP
  6. After the popup closes, and still under the “Network” drop-down menu on the left, select “Failover & LB”SonicWALL Dual ISP
  7. Select “X1” and “X2” and click the “Add >>” button. Click the “OK” button.SonicWALL Dual ISP
  8. You should now see the X1 and X2 interfaces under the Default LB Group. Click the pencil button under configure for the X1 interface.SonicWALL Dual ISP
  9. A more dynamic configuration is by use of the “Logical/Probe Monitoring enabled” option. Otherwise, the failover will only occur if the physical link goes out for the primary interface. Of course, using pings to a remote device over the Internet will provide more flexibility. I have used Google.com address in my example. Do the same for the secondary interface.SonicWALL Dual ISP
  10. Once the probes begin to gather data, you should the target information under the Default LB group.SonicWALL Dual ISP
  11. You should now be able to test the failover functionality.