WAN link load balancing and session persistence
If you've configured more than one WAN link, you can assign a weight to each link and load-balance the sessions. Additionally, you can specify session persistence to route traffic based on the persistence factor you specify.
To see the current settings, go to the CLI, click 4 for Device console, and enter the following CLI command:
show routing wan-load-balancing
Sophos Firewall load-balances traffic among gateways based on the number of sessions. The volume of data transmitted in the session doesn't affect the decision.
Suppose you have two gateways (gw0 and gw1) with individual weights of 2 and 1. The firewall assigns the first two sessions to gw0, session three to gw1, and session four to gw0.
To use the weighted round-robin method, do as follows:
- Go to Network > WAN link manager, select each gateway, and enter a weight.
- Go to the CLI and set the load balancing weights to IPv4, IPv6, or both.
set routing wan-load-balancing weighted-round-robin ip-family ipv4
Sophos Firewall then routes sessions based on the specified weights to all your IPv4 gateways.
If you apply session persistence, Sophos Firewall applies sticky load balancing. It hashes the persistence factor you specify and then takes the hash modulo to determine the gateway.
With session persistence, the firewall always routes traffic with the same value of the persistence factor through the same gateway. Suppose you've set the persistence factor to source IP address. If traffic arrives from 10.10.10.1, and the persistence factor and weight calculations point to gateway gw2, the firewall routes the first and subsequent sessions from this IP address through gw2.
If your priority is to load-balance the links, we recommend that you don't select session persistence.
You can specify session persistence on the CLI for one of the following factors:
- Source IP address.
- Destination IP address.
- Source and destination IP addresses.
- Connection (source IP address and port, destination IP address and port, and protocol).
You can set session persistence to IPv4, IPv6, or both.
set routing wan-load-balancing session-persistence source-only ip-family ipv4
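
The two selection modes described above, as a Python model added here for illustration (not Sophos code). The SHA-256 hash, the slot-table way of applying weights, the factor labels, and the sample sessions are assumptions of this example; the page doesn't state the hash function the firewall uses.

```python
import hashlib
from collections import Counter
from itertools import cycle, islice

WEIGHTS = {"gw0": 2, "gw1": 1}  # gateway names and weights from the page's example

def slots(weights):
    """Expand weights into a slot table: gw0 x2, gw1 x1 -> [gw0, gw0, gw1]."""
    return [gw for gw, w in weights.items() for _ in range(w)]

def weighted_round_robin(weights, n_sessions):
    """Assign sessions in arrival order; bytes transferred play no part."""
    return list(islice(cycle(slots(weights)), n_sessions))

def persistence_key(factor, src_ip, src_port, dst_ip, dst_port, proto):
    """Fields hashed per persistence factor (labels are this example's, not CLI keywords)."""
    return {
        "source": (src_ip,),
        "destination": (dst_ip,),
        "source+destination": (src_ip, dst_ip),
        "connection": (src_ip, src_port, dst_ip, dst_port, proto),
    }[factor]

def sticky_gateway(weights, factor, session):
    """Hash the key, then take the hash modulo the slot count to pick a gateway."""
    key = "|".join(str(f) for f in persistence_key(factor, *session))
    digest = hashlib.sha256(key.encode()).digest()  # assumed hash function
    table = slots(weights)
    return table[int.from_bytes(digest[:8], "big") % len(table)]

def distribution(weights, factor, sessions):
    """Count sessions per gateway under a given persistence factor."""
    return Counter(sticky_gateway(weights, factor, s) for s in sessions)

# Constructed sample: one busy client (10.10.10.1) opening six sessions.
SESSIONS = [("10.10.10.1", 40000 + i, f"203.0.113.{i + 1}", 443, "tcp") for i in range(6)]

if __name__ == "__main__":
    print("weighted round-robin:", weighted_round_robin(WEIGHTS, 6))
    for factor in ("source", "destination", "source+destination", "connection"):
        print(f"{factor:>20}:", dict(distribution(WEIGHTS, factor, SESSIONS)))
```

With the source factor, all six sessions from the one client land on a single gateway regardless of the 2:1 weights, which is why persistence is not recommended when balancing the links is the priority.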