Barracuda NextGen Firewall X

This Product is End-of-Life and End-Of-Support

End-Of-Life and End-Of-Support on December 1st, 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

How to Configure Outbound Loadbalancing and Failover


To balance traffic among multiple links, create a firewall rule that uses a connection object that you configure. This connection object references all of the links and configures how to balance the traffic among them. You can also specify one link that is used for all the traffic matching the firewall rule, as long as it is available. If that link fails, then the next link is used in its place.

Failover - Dual ISP Routing

In case one ISP connection fails, the Barracuda NextGen Firewall X-Series will automatically use the remaining Internet connection. Configure the routing metric for both connections:

  1. Go to the NETWORK > IP Configuration page.
  2. In the configurations for the primary and secondary interfaces, edit the Metric setting to specify the route priority. In a multiprovider configuration, the X-Series Firewall selects the interface with the lowest metric value for outgoing traffic, assuming that it is available. Specify a higher metric value for the secondary or backup ISP uplink. For example, use the following values for your primary and secondary interfaces:
    • Primary ISP Metric: 100
    • Secondary ISP Metric: 200
  3. Click Save Changes.
  4. At the top of the page, click on the warning message to execute the new network configuration.

Link and Loadbalancing

If you want to use both of your Internet connections to send outgoing traffic, create and use a custom connection object.

  1. Go to the FIREWALL > Connection Objects page.
  2. Click Add Connection Object.
  3. From the NAT Type list in the Add Connection Object window, select either Explicit (to use the IP address that you specify) or From Interface (to use the IP address of the link).
  4. In the Failover and Load Balancing section, configure the following settings:
    • Multilink Policy – Defines what happens if multiple links are configured. Available policies are:
      • None – No fallback or source address cycling. This is not what you want for this object.
      • Failover – Falls back to the first alternate address and interface, called Alternate 1. If Alternate 1 fails, the firewall fails over to Alternate 2, and so on. When the original link (the one configured in the top section) becomes available, the X-Series Firewall automatically resumes directing traffic to that interface.
      • Weighted Round Robin – Uses the IP addresses and interfaces configured as Alternate 1, 2, and 3, along with this interface, in weighted round-robin fashion.
      • Random – Randomly uses one of the available IP addresses and interfaces specified in this object.
    • Specify the following for each of the alternate links:
      • NAT Type – Select one of these options:
        • From Interface – Source NAT using the first IP address on the interface selected from the Interface list.
        • Explicit – Uses the IP address in the IP address field.
      • Weight – Only used for the weighted round robin policy. The weight numbers represent the traffic balancing ratio of the available links. The higher the relative number, the more the link is used. For example, if four links are configured in this object, weight values of 6, 2, 1, and 1 mean that traffic is balanced over the configured interfaces in a ratio of 6:2:1:1. As a result, 60% of the traffic passes over Link #1, 20% of the traffic passes over Alternate 1, 10% of the traffic is directed to Alternate 2, and 10% to Alternate 3.
  5. Click Add.

After you have successfully created this connection object, you can go to the FIREWALL > Firewall Rules page and apply it to a rule that directs outgoing traffic.
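
The following Python model is an added example, not Barracuda code. It illustrates the Failover and Weighted Round Robin policies described above so you can check the traffic share a set of weights produces before applying the connection object to a rule. Assumptions: balancing is per new connection, the scheduler is a smooth weighted round robin (the page does not name the firewall's algorithm), and links that are down are skipped.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    weight: int = 1   # only used by the weighted round robin policy
    up: bool = True   # link availability as seen by the firewall

def failover(links):
    """Failover policy: first available link in configured order
    (Link #1, Alternate 1, Alternate 2, ...). The order is re-evaluated
    on every call, so traffic returns to Link #1 once it is up again."""
    for link in links:
        if link.up:
            return link.name
    return None

def weighted_round_robin(links, connections):
    """Smooth weighted round robin over the available links.
    Assumption: a link that is down is skipped and its share is
    redistributed to the remaining links according to their weights."""
    active = [l for l in links if l.up and l.weight > 0]
    if not active:
        return []
    total = sum(l.weight for l in active)
    current = {l.name: 0 for l in active}
    picks = []
    for _ in range(connections):
        for link in active:
            current[link.name] += link.weight
        best = max(active, key=lambda l: current[l.name])
        current[best.name] -= total
        picks.append(best.name)
    return picks

def share(links, connections=1000):
    """Percentage of connections each link carries under the WRR policy."""
    counts = Counter(weighted_round_robin(links, connections))
    return {name: 100 * n / connections for name, n in counts.items()}

# Constructed sample: the 6:2:1:1 weights used in the text above.
LINKS = [Link("Link #1", 6), Link("Alternate 1", 2),
         Link("Alternate 2", 1), Link("Alternate 3", 1)]

if __name__ == "__main__":
    print(share(LINKS))
    LINKS[0].up = False  # simulate an outage of the primary link
    print(failover(LINKS), share(LINKS))
```

Because every link in the object performs source NAT with its own address, the share computed here is also the share of outgoing connections that leave with each public IP address.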