How to configure WAN Link failover in Sophos XG firewall?
High availability is one of the most important things in the networking world. There are many varieties of high availability in networking, and this article explains how to configure WAN Link failover (Redundant ISP). Most companies use more than one ISP link to maintain high availability in their company network. In this article, all the configurations are for the Sophos-XG firewall.
Connect to the Sophos-XG firewall using the web interface. (https://<firewall-ip>:4444)
In the web interface click the “Network” link on the left side of the navigation.
Now you can see all the network configurations on the firewall, including the port IP addresses and the zones the ports belong to. First of all, you need to have two WAN links like the following.
If not, you can simply add a port to the WAN zone. A zone is a set of ports, or a port group. E.g. the WAN zone is all ports that belong to WAN connections.
Then click “WAN link manager” at the top. Now you can configure the WAN link failover feature. The following configurations are from my practice setup and are not real ones.
Now click the small pencil icon in the “manage” field and then config settings will appear for that specific WAN link like the following.
In my example I made WAN link A the active gateway and WAN link B the backup gateway. The weight field is another important setting. It controls how traffic is shared between the two WAN links. 1:1 means traffic is shared 50:50 between them. XG Firewall uses a weighted round-robin algorithm to load balance between the WAN links. The configs for WAN link B are as follows.
Select your second gateway as the backup link and click save. Now all the configs are done for WAN Link failover. Normally both gateways are used to forward the traffic to the WAN. If your active gateway fails, the backup gateway immediately takes over the responsibility of forwarding the traffic.
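To see how the weight and the active/backup roles interact, here is a small added model in Python. It is not Sophos code and not from the original article: it uses smooth weighted round-robin as one common variant of the algorithm, and the class names, the link names WAN-A and WAN-B, and the rule that a backup link carries traffic only when no active link is up are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Gateway:
    name: str
    weight: int
    role: str = "active"   # "active" or "backup"
    up: bool = True        # result of the link health check
    score: int = 0         # running score used by the scheduler

class WanLinkModel:
    """Toy model, not Sophos code: smooth weighted round-robin plus failover."""

    def __init__(self, gateways):
        self.gateways = list(gateways)
        self._last_pool = ()

    def eligible(self):
        # Assumption: a backup gateway carries traffic only when no active one is up.
        active = [g for g in self.gateways if g.role == "active" and g.up]
        return active or [g for g in self.gateways if g.role == "backup" and g.up]

    def pick(self):
        """Return the gateway name for the next new connection, or None if all are down."""
        pool = self.eligible()
        if not pool:
            return None
        names = tuple(g.name for g in pool)
        if names != self._last_pool:       # membership changed: restart the rotation
            for g in pool:
                g.score = 0
            self._last_pool = names
        for g in pool:
            g.score += g.weight
        best = max(pool, key=lambda g: g.score)
        best.score -= sum(g.weight for g in pool)
        return best.name

    def distribute(self, connections):
        return dict(Counter(self.pick() for _ in range(connections)))

if __name__ == "__main__":
    wan_a = Gateway("WAN-A", weight=1)                   # constructed sample links
    wan_b = Gateway("WAN-B", weight=1, role="backup")
    model = WanLinkModel([wan_a, wan_b])
    print("A healthy:", model.distribute(10))
    wan_a.up = False                                     # simulate the active link failing
    print("A down:   ", model.distribute(10))
```

With both links set to active and weights 1:1 the model splits new connections evenly; changing the weights to 3:1 sends three of every four connections through the first link.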
That’s all about the WAN Link failover. If you have any questions, comment below. I’ll reply to it as soon as possible.