Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

TZ670 SonicOS 7.0.0: Round-robin Load Balancing causes issues with web application sign-in/sessions

Hello everyone,

I have an issue with signing into a web application while Round-robin LB is enabled on the firewall. When I type in my credentials the application starts to load up briefly (I can see elements of the UI appear for a split second) and then goes back to the login page with an error message saying that my session expired.

This keeps happening every time I try to log in. It also (briefly) affected a couple of other web consoles I tried logging into, however it worked after 2-3 login attempts and I have not managed to replicate it yet. The affected web app is for n-central RMM software that we use.

Setup details:

  • 2 x Sonicwall TZ670 firewalls configured in High Availability setup, primary active/secondary standby
  • X1 interface - 1st WAN link
  • X2 interface - 2nd WAN link (different ISP)
  • X1 and X2 are set up for LB using Round Robin.

Testing done:

  • Tried Chrome, Firefox and Edge also on different devices.
  • Created a static route for my machine's IP to always go out X1 for external traffic -- I can now sign in without issues
  • Changed the above static route to always go out via X2 for external traffic -- I can also sign in without issues.

Seems that something about this LB is causing issues with trying to establish a session but I'm not quite sure where or what to check to be honest.

I thought it may be an issue with asymmetric routing so I enabled the support for that on both X1 and X2 interfaces but the issue persisted.

Any suggestions are welcome, I am out of ideas just now. Thanks

Tom

Category: Entry Level Firewalls
Reply

Best Answer

  • CORRECT ANSWER
    shiprasahu93shiprasahu93 Moderator
    Accepted Answer

    Hello @Tom0x00,

    Welcome to the SonicWall community.

    Since you are using Round-robin as the LB method, please make sure that the following option is turned ON.

    'Use source and destination IP address binding'

    This makes sure that the same ISP connection is utilized for a source IP communicating to a specific destination IP. I think this would help in your case.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

Answers

  • Tom0x00Tom0x00 Newbie ✭

    Hi Shipra,

    Thank you that was indeed the configuration I needed.

    It works fine now, I can log in without issues and LB is still working just fine :)

    Cheers!

    Tom

  • shiprasahu93shiprasahu93 Moderator

    Perfect! Glad things are working correctly now. Have a good one 😀

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.