Table of contents
- How to configure Load Balancing
- How to configure Failover
- How to calculate Weight parameter on Sophos XG
The article shows how to configure Load Balancing or Fail Over for multiple WAN lines on the Sophos XG firewall device
Active – Active (Load balancing): All WAN ports are active, and all traffic is balanced between all WAN ports. By default, the XG Firewall when adding a WAN, the new WAN will be the active mode, so the load balancing feature will be enabled automatically. XG Firewall uses a weighted round-robin algorithm
Active – Backup (Fail Over): You can configure one or more ports as Backup. This setting allows you to configure failover when one port fails
How to configure Load Balancing
When configuring an additional gateway, the load balancing feature of Sophos XG Firewall will automatically turn on between the old WAN ports and the new WAN
- Go to Network -> Choose WAN link manager -> We see the status of the WAN ports as Active and Active
- You can change the traffic through the WAN ports by adjusting the Weight of the WAN port
** Weight parameter calculation -> See section 4
How to configure Failover
Which port is Active, we will keep the configuration of that WAN port
And which port is Backup, we will adjust the configuration as follows (here I configure WAN_2 as Backup)
- Go to Network -> Choose WAN link manager tab -> Choose WAN port which you want to configure mode Backup
- In Type: Choose Backup
- In Active this gateway: Choose If WAN_1 Active gateway fails
- In Action on activation: Choose Inherit weight of the failed active gateway if you want the Backup port to run according to the Weight of the failed Active port or choose User configured weight if you want to keep the Weight of the previously configured Backup port
- In Action on failback: Choose Serve new connections through restored gateway if you want new traffic to run over the newly restored WAN line and old traffic running on WAN backup still running or choose Serve all connections through restored gateway if you want. All new and old traffic runs over the newly recovered WAN
- You can create Failover rules if you want to manually specify when to switch to another gateway
How to calculate Weight parameter on Sophos XG
This calculation shows the approriate weighting options for each gateway when using load balancing
When using two or more gateways, choosing the Weight parameter can be difficult. This computation shows how traffic is delivered matching the weight assigned to each gateway
I using 2 gateway
- w1 = weight for link 1.
- w2 = weight for link 2.
- pt = proportional traffic percentage.
- pt1 = traffic percentage for link 1.
- pt2 = traffic percentage for link 2.
I assign w1 to 3 and w2 to 1
- pt = 100 / (1+3) = 100 / 4 = 25%
- pt1 = w1 * pt = 25% * 3 = 75%
- pt2 = w2 * pt = 25% * 1 = 25%
-> 75% of the traffic will go through WAN 1 and 25% traffic will go through WAN 2