Skip to content

WAN link load balancing and session persistence

If you've configured more than one WAN link, you can assign a weight to each link and load-balance the sessions. Additionally, you can specify session persistence to route traffic based on the persistence factor you specify.

To see the current settings, go to the CLI, click 4 for Device console, and enter the following CLI command:

show routing wan-load-balancing

Weighted round-robin

Sophos Firewall load-balances traffic among gateways based on the number of sessions. The volume of data transmitted in the session doesn't affect the decision.

Suppose you have two gateways (gw0 and gw1) with individual weights of 2 and 1. The firewall assigns the first two sessions to gw0, session three to gw1, and session four to gw0 again.

To use the weighted round-robin method, do as follows:

  1. Go to Network > WAN link manager, select each gateway, and enter a weight.
  2. Go to the CLI and set the load balancing weights to IPv4, IPv6, or both.

Example

set routing wan-load-balancing weighted-round-robin ip-family ipv4

Sophos Firewall then routes sessions based on the specified weights to all your IPv4 gateways.

Session persistence

If you apply session persistence, Sophos Firewall applies sticky load balancing. It performs hashing based on the persistence factor you specify and then uses modulo over hash to determine the gateway.

With session persistence, the firewall always routes traffic through the same gateway for the mapped parameter (of the persistence factor you specify). Suppose you've set the persistence factor to source IP address. If traffic arrives from 10.10.10.1, and the persistence factor and weight calculations point to gateway gw2, the firewall routes all sessions from this IP address through gw2.

Tip

If your priority is to load-balance the links, we recommend that you don't select session persistence.

You can specify session persistence on the CLI for one of the following factors:

  • Source IP address.
  • Destination IP address.
  • Source and destination IP addresses.
  • Connection (source IP address and port, destination IP address and port, and protocol).

You can set session persistence to IPv4, IPv6, or both.

Example

set routing wan-load-balancing session-persistence source-only ip-family ipv4

More resources