Failover issue - Switching to other ISP took about 2-3 minutes to get back our internet
lgfamisan
We are using a SonicWall NGFW TZ570. We only have an issue with the firewall when it comes to failover and load balancing. It turned out that it can't handle switching to the other WAN interfaces that are working (we are using 2 ISPs for redundancy and failover). It would take 2-3 minutes to get back our internet. We already tried different actions for load balancing (basic failover, spill-over, round robin, ratio) but none of them worked. Can they help us regarding this issue?
Category: Entry Level Firewalls
Answers
Can you use both WANs simultaneously in normal operation [ratio mode]?
Do you have logical probing configured?
We are currently using ratio mode, with each WAN's ratio modified by 50% (see the image below).
Here are the WANs that have logical probing configured:
I suggest you test this whilst watching the state of the LB status/Target columns for each interface.
I’m unable to capture the issue because when an RTO (Request Timeout) occurs, I can't access the admin GUI. Why does the RTO still occur on the firewall if load balancing is set up, which should handle or switch to other working WAN interfaces when one is down or offline?
Where are you in relation to the firewall?
If you are managing it from the LAN then you should not lose management access if any WAN is down.
If you are managing it from the WAN, then you will lose management access via any WAN that is down. You will only be able to manage it via the WAN which is up. F&LB cannot fix that!
We still can't access the GUI, even though we are connected to the LAN through the firewall when the internet is down. It takes about 2 minutes to regain access to the management interface. The main issue is why it takes 2-3 minutes for the internet to come back online, even though we have two active ISPs. Since we have configured load balancing, when one ISP goes down, the other should take over, minimizing the downtime, but it doesn't.
OK, given that information, it sounds to me like your real issue is losing contact with the firewall from the LAN, rather than some issue with F&LB. If you can't reach the firewall from the LAN then what your WANs are doing is irrelevant.