WAN Failover - Connection or Interface?
I just installed a secondary Internet connection for a customer, and I set up WAN failover. Not hard to do, and I get the primary/secondary settings. No problem. But I want to clarify something:
When it says that it’s going to probe the connections is it probing the interface, or is it probing something outside that interface? The difference is this: Say the customer is using Comcast as their primary Internet connection. Now Comcast doesn’t just provide you with an Ethernet connection. They provide you with a modem, which interfaces between their cable network and your Ethernet. So if their modem goes down, that’s easy – it’s a failed connection to the primary WAN interface on the SonicWall, and that should fail over.
But what if it’s just the Comcast service that goes down? From an interface perspective, the connection is still up. There’s just no way to reach anything. But it’s not a “down” connection. So if it’s probing just the interface, it won’t fail over to the secondary WAN. OTOH, if it’s actually checking a connection to something outside, then it doesn’t matter.
So the questions are:
- Is it probing the interface or the Internet?
- If it’s just probing the interface, is there any way to make it try to hit something on the Internet, so as to make sure the failover will work properly?
Answers
@Beldin, you have two probing options, "Physical Monitoring only" and "Logical/Probe Monitoring enabled".
If you select "Physical Monitoring only", this means the probing is done at Layer 1/2, the physical layer. As long as there is an active connection from your WAN to your upstream ISP, it will consider this a healthy interface.
If you select "Logical/Probe Monitoring enabled", this means the probing can be done to external resources on the Internet. You have the option to utilize TCP probing or ICMP probing for the Main Target as well as the Alternate Target. SonicWall has a server, responder.global.sonicwall.com, for this purpose if you want to use it, but you can also use other servers.
"Logical/Probe Monitoring enabled" is the best option as it checks the health of the interface from the Internet connectivity perspective. You can find more information in the Admin Guide, which you can access at https://www.sonicwall.com/support/technical-documentation.
Hey MustafaA - I have to tell you that, while your answer was ultimately correct, and therefore helpful, it wasn't very useful. Why? Because the option that you were describing is hidden under the configuration options for the WAN interface, under the Groups tab of the Failover & LB page. I went to the Administration Guide, as you suggested, and it wasn't easy to find there either. If you're going to tell someone how to do something, could you please try to give a little bit more direction? (Some of the things in the Admin Guide don't even match the actual interface anymore.)
Be that as it may, so I'm assuming that, given that I'm using one of the WAN links as the specific secondary, I only need to set up the logical monitoring for the primary. The reason being that it's that link that needs to be checked, and if it comes back, it's that link that needs to know it's back up. The backup link is only going active if the default link is down. Is that right?
@Beldin, you are correct, given that you enable the "Preempt and failback to preferred interfaces when possible" option, as shown in the following captures.
Gen6 Firewall User Interface
Gen7 Firewall User Interface
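The difference between the two monitoring modes discussed in this thread, and the effect of the preempt option, as a small Python model. This is an added example, not SonicWall's code or part of any post above. The failure and recovery thresholds, the "either target answers" rule, the always-healthy secondary link and the sample timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    link_up: bool   # Layer 1/2 carrier on the primary WAN port (modem powered, cable in)
    main_ok: bool   # probe reply from the Main Target
    alt_ok: bool    # probe reply from the Alternate Target

def physical_healthy(s: Sample) -> bool:
    # "Physical Monitoring only": the link state is all that is checked.
    return s.link_up

def logical_healthy(s: Sample) -> bool:
    # "Logical/Probe Monitoring enabled". Assumption: one answering target is enough.
    return s.link_up and (s.main_ok or s.alt_ok)

def active_wan(samples, logical, preempt, fail_after=3, recover_after=3):
    """Return which WAN carries traffic after each probe interval.

    fail_after / recover_after are hypothetical thresholds: consecutive
    unhealthy (or healthy) results needed before the state changes.
    The secondary link is assumed to stay healthy throughout.
    """
    check = logical_healthy if logical else physical_healthy
    active, bad, good, history = "primary", 0, 0, []
    for s in samples:
        healthy = check(s)
        bad = 0 if healthy else bad + 1
        good = good + 1 if healthy else 0
        if active == "primary" and bad >= fail_after:
            active = "secondary"      # fail over
        elif active == "secondary" and preempt and good >= recover_after:
            active = "primary"        # fail back only when preempt is enabled
        history.append(active)
    return history

UP = Sample(True, True, True)            # everything working
ISP_OUTAGE = Sample(True, False, False)  # modem up, nothing reachable upstream
MODEM_DOWN = Sample(False, False, False) # no carrier on the WAN port

# Constructed timeline: 2 good intervals, 4 of ISP outage, 4 after recovery.
TIMELINE = [UP] * 2 + [ISP_OUTAGE] * 4 + [UP] * 4

if __name__ == "__main__":
    for logical, preempt in [(False, True), (True, True), (True, False)]:
        print(f"logical={logical} preempt={preempt}:",
              active_wan(TIMELINE, logical, preempt))
```

With physical monitoring the ISP outage in the timeline is never noticed, and without preempt the model stays on the secondary link after the primary recovers.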