User guide
Enabling the WAN Failover Option
The WAN Failover option adds redundant support for the external
interface. With this upgrade installed, the Firebox® X Edge starts a
connection through the WAN2 port when the primary external port
(WAN1) connection fails. It is frequently used by businesses that
cannot afford even a small amount of lost connection time and will pay
for a second Internet account.
No new policy definitions are required. The failover interface uses
the same policy definitions as the external interface.
The Firebox X Edge uses two methods to determine whether the
external interface connection is down:
• The status of the link to the nearest router
• A ping to a specified location
The Firebox X Edge pings the default gateway or the location
selected by the administrator. If there is no response, the Firebox
switches to the secondary external network connection.
When this feature is enabled, these actions automatically occur:
• If the WAN1 connection fails, the WAN2 port connection is
opened and used.
• If the WAN2 port connection fails, the WAN1 port connection is
opened and used.
• If both the WAN1 port and WAN2 port connections fail, the
Firebox tries both ports until a connection is made.
When the WAN2 port is in use, the Firebox does not switch back to
the WAN1 port unless PPPoE is used to assign IP addresses. After the
Firebox switches to the WAN2 port, the administrator must change
the configuration back to the WAN1 port when the connection is
restored.
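
The failover rules above for the case without PPPoE, modeled as an added example (it is not part of the original guide and is not WatchGuard firmware code). It assumes a port counts as down when either check fails and that WAN1 is tried first after both ports were down; the names Health, next_active and simulate are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Health:
    link_up: bool   # status of the link to the nearest router
    ping_ok: bool   # reply from the default gateway or the admin-selected host

    @property
    def usable(self):
        # Assumption: the port counts as down when either check fails.
        return self.link_up and self.ping_ok


def next_active(active, wan1, wan2):
    """Return the port in use after one health check (None = both down)."""
    usable = {"WAN1": wan1.usable, "WAN2": wan2.usable}
    if active is not None and usable[active]:
        return active  # sticky: a restored WAN1 does not reclaim traffic
    # Active port failed, or nothing was connected: try both ports.
    # Assumption: WAN1 is tried before WAN2.
    for port in ("WAN1", "WAN2"):
        if usable[port]:
            return port
    return None


def simulate(observations):
    """Replay (wan1, wan2) observations; return (timeline, stale_ticks)."""
    active, timeline, stale = "WAN1", [], []
    for tick, (wan1, wan2) in enumerate(observations):
        active = next_active(active, wan1, wan2)
        timeline.append(active)
        if active == "WAN2" and wan1.usable:
            stale.append(tick)  # WAN1 is back; admin must switch manually
    return timeline, stale


UP, NO_PING, NO_LINK = Health(True, True), Health(True, False), Health(False, False)

# Constructed sample: WAN1 loses ping, recovers, then WAN2 drops, then both.
SAMPLE = [(UP, UP), (NO_PING, UP), (UP, UP), (UP, NO_LINK),
          (NO_LINK, NO_LINK), (NO_LINK, UP)]

if __name__ == "__main__":
    timeline, stale = simulate(SAMPLE)
    for tick, port in enumerate(timeline):
        print(tick, port or "retrying both", "<- WAN1 restored" if tick in stale else "")
```

The stale ticks are the periods an administrator needs to catch: WAN1 is healthy again, but traffic stays on WAN2 until the configuration is changed back.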
If you use PPPoE, you can set an inactivity timeout that disables
inactive TCP connections during periods of inactivity. See “If your
ISP uses PPPoE” on page 47 for PPPoE configuration information. If
your external connection fails, the WAN2 port connection is started
and used. The WAN2 port is used until the TCP connection becomes
inactive (timeout). When the traffic continues, the Firebox connects
through the WAN1 port first. If a connection is made, the WAN1 port