It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure Failover with Multiple xDSL or DHCP WAN Connections

  • Last updated on

If you are using a mix of static and dynamic connections, or WAN connections in Standby mode, see How to Configure Link Balancing and Failover for Multiple WAN Connections or How to Configure Automatic Failover Dynamic WAN Connections in Standby Mode.

When using multiple DHCP or xDSL Internet connections from the same ISP, you must configure the connections to create the default route for each connection in a source-based route table. Use custom connection objects to determine which WAN connection is used. You can configure failover and load balancing settings in the connection object, depending on your needs.

To be able to also use failover for connections not using the custom connection object, each WAN connection is assigned a unique route metric. These routes are cloned into the default route table. Access rules using Dynamic NAT as the connection method now use the default route with the lowest metric. If that connection goes down, the route with the next higher metric is used. This is also useful as a fallback to retain connectivity even if the load-balancing access rules do not match.

Before You Begin

  • Each Internet connection requires one free port.
  • For xDSL connections, you need the connection settings provided by your provider. 
  • Configure DNS servers. For more information, see How to Configure DNS Settings.

Step 1. Configure Multiple xDSL or DHCP WAN Connections

Configure multiple WAN or DHCP connections. A unique metric must be set for each connection. The connection with the lowest metric is used as the default connection by access rules using Dynamic NAT as the connection method.

DHCP WAN Connection(s)
  1. Go to CONFIGURATION > Configuration Tree > Box > Network.
  2. Click Lock.
  3. In the left menu, click xDSL/DHCP/ISDN.
  4. In the DHCP Enabled list, click yes
  5. For each DHCP connection, click + to add a connection to the DHCP Links list.
    1. Enter a Name and click OK
    2. From the DHCP Interface list, select the interface the ISP is connected to.
      multi_dyn_WAN_03.png
    3. In the DNS section, select no from the Use Provider Domain Name list.
      multi_dyn_WAN_04.png
    4. In the Routing section, set Create Default Route to yes.
    5. Click + to add 0.0.0.0/0 to the Target Networks list. 

    6. Enter a unique Route Metric. Routes with lower metrics are preferred when a routing lookup (Dynamic NAT) is used to determine the egress interface.
      multi_dyn_WAN_05.png
    7. Click OK.
  6. Click Send Changes and Activate.
xDSL WAN Connection(s)
  1. Go to CONFIGURATION > Configuration Tree > Box > Network.
  2. Click Lock.
  3. In the left menu, click xDSL/DHCP/ISDN.
  4. In the left menu, expand Configuration Mode and click Switch to Advanced View.
  5. In the xDSL Enabled list, click yes.
  6. For each xDSL connection, click + to add a xDSL connection to the xDSL Links list.
    1. Enter a Name and click OK. The xDSL window opens.
    2. Select the Connection Type and other connection settings as specified by your ISP. For more information, see xDSL WAN Connections
    3. In the Authentication section, set Use Provider DNS to no.
      multi_dyn_WAN_01.png
    4. In the Routing section, set Create Default Route to yes.
    5. Click + to add 0.0.0.0/0 to the Target Networks list. 

    6. Enter a unique Route Metric. Routes with lower metrics are preferred when a routing lookup (Dynamic NAT) is used to determine the egress interface.
      multi_dyn_WAN_02.png
    7. Click OK.
  7. Click Send Changes and Activate.

Step 2. Activate the Network Configuration

Trigger a Failsafe network activation.

For more information, see How to Activate Network Changes.

Step 3. Create a Custom Connection Object

Create a connection object using network interfaces of the dynamic Internet connections to determine the translated IP address. xDSL connections use ppp1 to ppp4 interfaces. DHCP uses dhcp as the interface name.

multi_dyn_WAN_06.png

Fore more information, see How to Create a Custom Connection Object and How to Configure Failover and Load Balancing in Custom Connection Objects.

Step 4. Change the Access Rule Connection Method

To use the custom connection object, change the Connection Method for the access rules matching the traffic you want to load balance, or for which you want to use load balancing.

multi_dyn_WAN_07.png

Monitoring

Go to the CONTROL > Network page. For each dynamic WAN connection there is a premain source-based routing table. Also, since Clone Routes is set to yes, the default routes (with different metrics) are cloned to the default route table.

multi_dyn_WAN_08.png

Testing

Remove access to the gateway IP address used by the connection, or configure monitoring and remove access to the monitored IP address. Check the Interface column to check which egress interface is being used by the connection. When a WAN connection goes down the egress interface is replaced according to the policy in the custom connection object.

multi_dyn_WAN_09.png