SonicWALL Dual ISP Failover/Redundancy
By: Andre Ainsworth
Customers who view their Internet access as a critical component to their business should consider having more than one Internet Service Provider at any site considered a priority. In order to best leverage multiple ISPs, the Dell SonicWALL team makes it relatively simple to configure a firewall with ISP failover capabilities.
- This guide references a SonicWALL device running SonicOS Enhanced 220.127.116.11-4o
- Lower-end SonicWALL devices only support two ISPs
- We will assume both ISPs provide IP addressing via DHCP
- Log in to the SonicWALL device, click the “Wizards” button toward the upper right of the window. Select “PortShield Interface Wizard” then click the “Next>” button.
- Select “WAN/OPT/LAN Switch”, then click the “Next>” button.
- After seeing the Configuration Summary screen, you can now click the “Apply” button. Afterwards, close the popup window.
- At the main screen and within the left-side menu bar, select “Network”, then “Interfaces”. Next, referencing the “X2” interface, click the button that looks like a pencil under the “Configure” column.
- Change the “Zone:” field to “WAN”, then click “OK”.
- After the popup closes, and still under the “Network” drop-down menu on the left, select “Failover & LB”
- Select “X1” and “X2” and click the “Add >>” button. Click the “OK” button.
- You should now see the X1 and X2 interfaces under the Default LB Group. Click the pencil button under configure for the X1 interface.
- A more dynamic configuration is by use of the “Logical/Probe Monitoring enabled” option. Otherwise, the failover will only occur if the physical link goes out for the primary interface. Of course, using pings to a remote device over the Internet will provide more flexibility. I have used Google.com address in my example. Do the same for the secondary interface.
- Once the probes begin to gather data, you should the target information under the Default LB group.
- You should now be able to test the failover functionality.