Sophos XG: How to configure Load Balancing or Failover for WANs on Sophos XG

Table of contents

  1. Overview
  2. Diagram
  3. How to configure Load Balancing
  4. How to configure Failover
  5. How to calculate Weight parameter on Sophos XG


This article shows how to configure Load Balancing or Failover for multiple WAN lines on the Sophos XG firewall.

Active – Active (Load balancing): All WAN ports are active, and traffic is balanced across all of them. By default, a WAN added to the XG Firewall is in Active mode, so load balancing is enabled automatically. XG Firewall uses a weighted round-robin algorithm.

Active – Backup (Failover): You can configure one or more ports as Backup. This setting lets traffic fail over to a Backup port when an Active port fails.


How to configure Load Balancing

When configuring an additional gateway, the load balancing feature of Sophos XG Firewall will automatically turn on between the old WAN ports and the new WAN

  • Go to Network -> Choose WAN link manager -> The status of both WAN ports is shown as Active
  • You can change how much traffic goes through each WAN port by adjusting the Weight of the WAN port

** Weight parameter calculation -> See the section "How to calculate Weight parameter on Sophos XG"

How to configure Failover

Keep the existing configuration of the WAN port that stays Active.

Change the configuration of the WAN port that will be Backup as follows (in this example WAN_2 is configured as Backup)

  • Go to Network -> Choose WAN link manager tab -> Choose WAN port which you want to configure mode Backup
  • In Type: Choose Backup
  • In Activate this gateway: Choose If WAN_1 Active gateway fails
  • In Action on activation: Choose Inherit weight of the failed active gateway if you want the Backup port to use the Weight of the failed Active port, or choose User configured weight if you want to keep the Weight previously configured on the Backup port
  • In Action on failback: Choose Serve new connections through restored gateway if you want new traffic to use the restored WAN line while existing traffic stays on the Backup WAN, or choose Serve all connections through restored gateway if you want all new and existing traffic to run over the restored WAN
  • You can create Failover rules if you want to manually specify when to switch to another gateway

How to calculate Weight parameter on Sophos XG

This calculation shows the appropriate weighting options for each gateway when using load balancing

When using two or more gateways, choosing the Weight parameter can be difficult. This computation shows how traffic is distributed according to the weight assigned to each gateway

This example uses 2 gateways

  • w1 = weight for link 1.
  • w2 = weight for link 2.
  • pt = proportional traffic percentage.
  • pt1 = traffic percentage for link 1.
  • pt2 = traffic percentage for link 2.

I assign w1 to 3 and w2 to 1

  • pt = 100 / (1+3) = 100 / 4 = 25%
  • pt1 = w1 * pt = 25% * 3 = 75%
  • pt2 = w2 * pt = 25% * 1 = 25%

-> 75% of the traffic will go through WAN 1 and 25% of the traffic will go through WAN 2
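
The weight calculation above and the two Action on activation choices from the failover section can be modelled together for any number of gateways. This is an added example, not code from Sophos or from the original article: the function names, the smooth weighted round-robin variant and the third port WAN_3 are assumptions made for illustration.

```python
from collections import Counter

def traffic_share(weights):
    """Percentage per gateway: pt = 100 / sum(w), pt_i = w_i * pt."""
    total = sum(weights.values())
    if total <= 0:
        raise ValueError("at least one gateway needs a positive weight")
    pt = 100 / total
    return {gw: w * pt for gw, w in weights.items()}

def effective_weights(active, backups, failed):
    """Weights in force once the gateways named in `failed` are down.

    active:  {name: weight} for Active gateways
    backups: {name: (watched_gateway, action, own_weight)}; action is
             "inherit" (Inherit weight of the failed active gateway) or
             "user" (User configured weight)
    """
    live = {gw: w for gw, w in active.items() if gw not in failed}
    for name, (watched, action, own_weight) in backups.items():
        if watched in failed and name not in failed:
            live[name] = active[watched] if action == "inherit" else own_weight
    return live

def weighted_round_robin(weights, connections):
    """Spread connections with a smooth weighted round-robin (assumed variant)."""
    current = dict.fromkeys(weights, 0)
    total = sum(weights.values())
    counts = Counter()
    for _ in range(connections):
        for gw, w in weights.items():
            current[gw] += w
        pick = max(current, key=current.get)  # gateway furthest behind its share
        current[pick] -= total
        counts[pick] += 1
    return dict(counts)

if __name__ == "__main__":
    active = {"WAN_1": 3, "WAN_2": 1}  # weights from the article's example
    print(traffic_share(active))
    print(weighted_round_robin(active, 1000))
    # Constructed scenario: hypothetical WAN_3 is Backup for WAN_1, own weight 1.
    for action in ("inherit", "user"):
        backups = {"WAN_3": ("WAN_1", action, 1)}
        live = effective_weights(active, backups, failed={"WAN_1"})
        print(action, traffic_share(live))
```

With Inherit weight, the Backup port takes over the failed port's 75% share; with User configured weight of 1, the two surviving ports split traffic evenly.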

