We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Firmware Version Is End-Of-Support

As of December 1st, 2018, all new sales for Barracuda NextGen Firewall X Series products have ceased. Only renewals of software and hardware subscriptions for a maximum of one year are available for a limited time. December 1st 2019: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires, or until the End of Life definition as described in the End of Support and End of Life Information.

Link Balancing and Failover

  • Last updated on

On the Barracuda NextGen Firewall X-Series, you can configure inbound link balancing, outbound link balancing, and outbound link failover. Link balancing is also sometimes called 'link aggregation'.

Outbound Link Balancing and Failover

To achieve outbound link load balancing, create a connection object that balances the traffic among multiple links. Then use this connection object in the firewall rules that direct outgoing traffic. The connection object specifies what happens if multiple links are configured. Options include:

  • If one interface becomes unavailable, the traffic fails over to the next available link in the sequence.
  • Use a set of interfaces in weighted round robin fashion. You can specify the weights for each interface in the connection object.
  • Randomly choose one of a list of interfaces.

Inbound Link Balancing and Failover Using DNS

You can use DNS to balance inbound traffic among multiple links. Associate your domain name (or names) with multiple IP addresses, each of which represents an external interface. When the DNS request for the domain name is resolved, all of these IP addresses are included in the answer. The DNS server can vary the order of the IP addresses, and the client uses the first entry in the list to access your site. You can add multiple DNS entries with the same IP address to send more queries to the preferred WAN interface. Configure the X-Series Firewall as the authoritative DNS resolver for the domain name.

For more information, see How to Configure Authoritative DNS.

Inbound Failover and Load Balancing Using DNAT Access Rules

You can use load balancing and failover in a DNAT access rule to distribute incoming traffic to multiple internal servers. Add additional IP addresses to the network object referred to in the rule, or enter them in the Redirect list of the rule. Depending on the configuration, all traffic is initially sent to the first IP address and, if this address is no longer reachable, to the second, and so forth (fallback mode), or distributed to all IP addresses depending on the mode set in the rule: round robin or cycle.

For more information, see Example - Configuring a DNAT Access Rule.

Last updated on