WAN link manager
The WAN link manager allows you to configure gateways to support link failover and load balancing.
Go to Network > WAN link manager.
WAN gateways: When you configure a physical WAN interface on Network > Interfaces, you also specify its gateway settings based on your ISP link. If you have more than one ISP link, you can terminate each link on a physical WAN interface. The firewall sends traffic to the ISP link through the gateway configured for the link.
You can configure a gateway as active or backup. These gateways automatically appear on the WAN link manager list. The custom gateways you configure on Routing > Gateways don't appear on this list even if you assign the WAN zone to them.
WAN link load balance: This is the default route. When you select this option for the gateways in SD-WAN routes, Sophos Firewall load-balances traffic among the active WAN links.
- To view a traffic report for a gateway, click Data transfer .
- To set the time after which Sophos Firewall determines that an unresponsive link is down, enter a value in the Gateway failover timeout field and click Apply.
In configurations that use two WAN interfaces for load balancing that're part of the same subnet and use the same gateway, we recommend using LAG to avoid any routing or gateway stability issues.
In configurations that have an ISP-assigned IP address outside your gateway's subnet, you must use an alias IP address on your WAN interface that's within the ISP-assigned subnet.
Network traffic report for gateway
View the network traffic of your WAN gateway for different periods. Choose the time from the drop-down. If you select Custom, you can select a start and an end date. Click Show to update the graph and the table.
The data in the graph updates hourly, while the data in the table updates daily.
Active-backup configuration for failover
You configure one or more gateways as backup gateways. You can achieve WAN link failover using an active-backup configuration.
Using failover, you can minimize the chance of service disruption and ensure always-on connectivity to the internet. When a link fails, the firewall reroutes traffic to the available backup gateways, distributing traffic among the links according to their assigned weights. During failover, the firewall monitors the dead link's health and redirects traffic to it when it becomes available.
Active-active configuration for load balancing
You can achieve WAN link load balancing using an active-active configuration.
Sophos Firewall balances traffic among the active gateways. By default, it adds a new gateway as an active gateway. So, load balancing automatically occurs between the existing and newly added ISP links. Sophos Firewall uses a weighted round-robin algorithm for load balancing, distributing traffic among the ISP links based on the weight specified for the links.