WAN Failover FAQs

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search

I installed and configured WAN Failover, but nothing is happening. What should I do?

Make sure each ISP's interface has is WAN Interface? checked at Config > Networking > Interfaces and has all of the required information properly entered. You'll also need to verify WAN Failover has tests set up for each WAN connection. If you're only using WAN Failover, you'll need to disconnect your primary WAN to get traffic to flow over the secondary. If you're using WAN Balancer, make sure your weights are set properly.

What tests should I use for Failover?

This is really up to you. NG Firewall provides four test methods - in each case, it sends out data packets and decides if the WAN is up or down depending on your specified Testing, Timeout and Failure Threshold intervals:

  • Ping Test: ping the specified IP address.
  • ARP Test: ARP for its gateway.
  • DNS Test: make a request to the upstream DNS server.
  • HTTP Test: make a connection to the specified domain name.

Is a ping test better than the HTTP test?

Yes and no - ping tests are simpler and more straight forward than the HTTP test, but some network operators block ping requests. In both cases, you should select IP addresses that are external to your network but relatively close to you. As the number of network hops increases, the chances of encountering a bad or slow link increases. When that happens, NG Firewall may interpret it as a network problem and report one of your WAN connections as failing.

I only have one internet connection. Why would I want WAN Failover?

With a single WAN connection, its obvious that you have no alternative if your internet connection fails. You can still monitor the uptime of your ISP with WAN Failover by defining a rule that will log service interruptions. If downtime is hurting you financially, WAN Failover can help you document it rather inexpensively.