Multi-WAN configuration only becomes available when more than one WAN network is enabled.
You can configure how multiple connections handle internet traffic. There are two modes:
- Load Balance
The number of WAN connections is limit to 2 on the Firewalla App.
The multi-WAN setting is only available if you are running in "Router Mode".
Failover mode is intended to ensure the availability of the internet connection, where you can use a standby network to take over when the active connection fails.
Active & Standby State: When both connections are enabled, the Primary WAN will be active, and the other one will be standby. If the active connection fails, the standby will become active to maintain uninterrupted internet connectivity.
Primary WAN: The Primary WAN will be active when both connections are available at the same time.
Auto Failback: When the primary connection fails, the standby WAN takes over. If Auto Failback is enabled, the connection will failback to the Primary automatically when it resumes.
If you want to "lock/pin" certain traffic to go to a certain WAN connection, you can create a "route" for it, so that when this WAN is down, the traffic matching the "route" will be dropped instead of failover to the back WAN.
More details on Firewalla Policy & Content based routing.
Load balancing distributes network traffic across multiple networks. It helps improve the responsiveness of internet access and ensures no single network gets overloaded.
Weight Ratio: Load balance allows you to set a relative weight for each WAN connection. The weight is defined as the percentage of traffic sent through the connection.
- If one of the connections fails, the other will take over all the traffic.
- Load balancing is done at layer 3 or looking at the IP address. If your flows all have the same destination IP address, they will always flow to the same interface. (This behavior is to ensure correct behavior when dealing with banks ... and other services that check the source IP)
WAN Connectivity Test:
The criteria for deciding which WAN connection is disconnected or restored, when doing failover/failback, is the WAN Connectivity Test results.
Ping test and DNS test are used for WAN Connectivity Test. If one of the tests fails, the WAN connectivity will be considered to be lost.
- Up to 3 Ping test targets are supported
- You can edit the Ping Test Count and Success Rate Threshold.
The test will ping each of the targets several times (Ping Test Count) on every test. If the success rate is lower than the Success Rate Threshold you've set, the test will be considered as failed.
You can edit which domain is used for the test.
If DNS servers fails to resolve the target domain, the DNS test will be considered as failed.