Products Firewalla Blue Firewalla Gold Firewalla Blue Plus Firewalla Red

Articles in this section

See more

Firewalla Feature Guide: Multi-WAN

Avatar
Support
  • Updated
Follow

Multi-WAN configuration

Multi-WAN configuration only becomes available when more than one WAN network is enabled.
You can configure how multiple connections handle internet traffic. There are two modes:

  • Failover
  • Load Balance

The number of WAN connections is limit to 2 on the Firewalla App.

The multi-WAN setting is only available if you are running in "Router Mode". 

blobid0.png       blobid1.png

 

Failover: 

Failover mode is intended to ensure the availability of the internet connection, where you can use a standby network to take over when the active connection fails. 

Active & Standby State: When both connections are enabled, the Primary WAN will be active, and the other one will be standby. If the active connection fails, the standby will become active to maintain uninterrupted internet connectivity. 

Primary WAN: The Primary WAN will be active when both connections are available at the same time.

Auto Failback: When the primary connection fails, the standby WAN takes over. If Auto Failback is enabled, the connection will failback to the Primary automatically when it resumes. 

NetworkingSettings_dual_WAN.jpg     NetworkingSettings.jpg

If you want to "lock/pin" certain traffic to go to a certain WAN connection, you can create a "route" for it, so that when this WAN is down, the traffic matching the "route" will be dropped instead of failover to the back WAN.

More details on Firewalla Policy & Content based routing

 

 

Load Balance:

Load balancing distributes network traffic across multiple networks. It helps improve the responsiveness of internet access and ensures no single network gets overloaded.

Weight Ratio: Load balance allows you to set a relative weight for each WAN connection. The weight is defined as the percentage of traffic sent through the connection. 

  • If one of the connections fails, the other will take over all the traffic. 
  • Load balancing is done at layer 3 or looking at the IP address. If your flows all have the same destination IP address, they will always flow to the same interface. (This behavior is to ensure correct behavior when dealing with banks ... and other services that check the source IP)

 

blobid2.png     NetworkingSettings_dual_WAN-1.jpg

 


WAN Connectivity Test: 

The criteria for deciding which WAN connection is disconnected or restored, when doing failover/failback, is the WAN Connectivity Test results.  

 

Ping test and DNS test are used for WAN Connectivity Test. If one of the tests fails, the WAN connectivity will be considered to be lost.

Ping Test: 

  • Up to 3 Ping test targets are supported 
  • You can edit the Ping Test Count and Success Rate Threshold. 

The test will ping each of the targets several times (Ping Test Count) on every test. If the success rate is lower than the Success Rate Threshold you've set, the test will be considered as failed. 

DNS Test: 

You can edit which domain is used for the test. 

If DNS servers fails to resolve the target domain, the DNS test will be considered as failed. 

connectivity_test.png

 

Related articles

Comments

1 comment

Sort by Date Votes
  • Avatar
    Chris Wallace

    When setup in Multi-WAN mode, it is possible to route certain devices out the ISP2 connection while all other devices route out the ISP1 connection?

    0
    Comment actions Permalink

Please sign in to leave a comment.