Use the Networking > WAN Redundancy > Dual WAN Settings page to segregate traffic between links that are not of the same speed. For example, you can bind the high-volume services through the port that is connected to a high speed link, and bind the low-volume services to the port that is connected to the slower link.
Load balancing is implemented for outgoing traffic and not for incoming traffic. To maintain better control of WAN port traffic, consider making the WAN port Internet address public and keeping the other one private.
Note To configure load balancing, make sure that you configure both WAN ports to keep alive. If the WAN port is configured to time out after a specified period of inactivity, then load balancing is not applicable.
1. Choose an option in the Dual WAN Settings section to specify how the two ISP links are used. The two links will carry data for the protocols that are bound to them.
• Weighted Dual WAN Settings: Distributes the bandwidth to two WAN ports by the weighted percentage or by the weighted link bandwidth. If you choose this mode, choose one of the following options and finish the settings:
– Weighted by Percentage: If you choose this option, specify the percentage for each WAN, such as 80% bandwidth for WAN1 and at least 20% bandwidth for WAN2.
– Weighted by Link Bandwidth: If you choose this option, specify the amount of bandwidth for each WAN, such as 80 Mbps for WAN1 and 20 Mbps for WAN2, which indicates that 80% bandwidth is distributed to WAN1 and at least 20% bandwidth is distributed to WAN2.
NOTE: The Weighted by Link Bandwidth option has the same effect with the Weighted by Percentage option. It just provides more percentage options than Weighted by Percentage that only provides three percentage options. For example, you can set 60 Mbps for WAN1 and 40 Mbps for WAN2, which indicates that 60% bandwidth is distributed to WAN1 and lest 40% bandwidth is distributed to WAN2.
• Based on Real-time Bandwidth: Sends traffic to the link that has the highest real-time bandwidth. Use information from your service provider to specify the base bandwidth for each link in the WAN1 and WAN2 fields.
• Failover: If a failure is detected on the primary link, then the security appliance diverts all Internet traffic to the backup link. When the primary link regains connectivity, all Internet traffic is directed to the primary link and the backup link becomes idle. By default, WAN1 is set as the primary link and the WAN2 is set as the backup link.
NOTE: When the security appliance is working in the Failover mode, the Policy-Based Routing settings will be ignored.
– Select WAN Precedence: Choose which link to use as the primary link and the secondary link. The default option is Primary: WAN1; Secondary: WAN2.
– Preempt Delay Timer: Enter the time in seconds that the security appliance will wait before sending traffic to the primary link from the backup link after the primary link is up again. The default value is 5 seconds.
• Routing Table: Uses the static routing policies to determine the types of traffic that pass through the two WAN links. For information on configuring static routing, see Configuring Static Routing.
2. Enable Policy Based Routing if you want to use policies to specify the internal IP and/or service going through each WAN port to provide more flexible and granular traffic handling capabilities. Click On to enable this feature, or click Off to disable it. After enabling this feature, click Configure to set the policies. See Configuring Policy-Based Routing.
NOTE: If you enable Policy-Based Routing, the policy-based routing settings will take precedence over the load balancing settings. Traffic matching the policy-based routing policies will be routed based on these settings. Traffic not matching the policy-based routing policies will be routed based on the load balancing settings.