About Multi-WAN Options

When you configure multiple external interfaces, you have several options to control which interface an outgoing packet uses.

XTM 2 Series devices must have Fireware XTM with a Pro upgrade to use any of the multi-WAN methods except modem failover. All other XTM devices must have Fireware XTM with a Pro upgrade to use the weighted round robin or interface overflow multi-WAN methods.

Round-Robin Order 

When you configure multi-WAN with the Round-robin method, the XTM device looks at its internal route table to check for specific static or dynamic routing information for each connection. The route table includes dynamic routes as well as static routes you configure on the device. If no specified route is found, the XTM device distributes the traffic load among its external interfaces. The XTM device uses the average of sent (TX) and received (RX) traffic to balance the traffic load across all external interfaces you specify in your round-robin configuration.

If you have Fireware XTM with a Pro upgrade, you can assign a weight to each interface used in your round-robin configuration. By default and for all Fireware XTM users, each interface has a weight of 1. The weight refers to the proportion of load that the XTM device sends through an interface. If you have Fireware XTM Pro and you assign a weight of 2 to an interface, you double the portion of traffic that will go through that interface compared to an interface with a weight of 1.

As an example, if you have three external interfaces with 6M, 1.5M, and .075M bandwidth and want to balance traffic across all three interfaces, you would use 8, 2, and 1 as the weights for the three interfaces. Fireware XTM will try to distribute connections so that 8/11, 2/11, and 1/11 of the total traffic flows through each of the three interfaces.
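The 8, 2, 1 split above can be reproduced with a short simulation. This is an added illustration, not Fireware XTM code: it uses a generic smooth weighted round-robin scheduler as a stand-in for the device's own balancing logic, and the interface names ext0, ext1 and ext2 are assumed.

```python
from collections import Counter

# Weights from the example above; interface names are assumptions.
PAGE_WEIGHTS = {"ext0": 8, "ext1": 2, "ext2": 1}


def smooth_wrr(weights, n):
    """Return the interface chosen for each of n new connections.

    Smooth weighted round-robin: on every turn each interface gains its
    weight, the interface with the highest running score is chosen, and
    the chosen interface pays back the sum of all weights. This spreads
    the low-weight interfaces through the sequence instead of bunching
    them at the end.
    """
    total = sum(weights.values())
    score = {name: 0 for name in weights}
    picks = []
    for _ in range(n):
        for name, weight in weights.items():
            score[name] += weight
        chosen = max(score, key=score.get)  # ties go to the first listed
        score[chosen] -= total
        picks.append(chosen)
    return picks


def shares(weights, n):
    """Count how many of n connections each interface received."""
    counts = Counter(smooth_wrr(weights, n))
    return {name: counts[name] for name in weights}


if __name__ == "__main__":
    print(smooth_wrr(PAGE_WEIGHTS, 11))
    print(shares(PAGE_WEIGHTS, 110))
    # Default case: every interface has a weight of 1.
    print(shares({"ext0": 1, "ext1": 1, "ext2": 1}, 9))
```

Over any multiple of 11 connections the counts land exactly on 8/11, 2/11 and 1/11; the real device balances on measured traffic, so its split is approximate.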

For more information, see Configure Round-Robin.


Failover

When you use the failover method to route traffic through the XTM device external interfaces, you select one external interface to be the primary external interface. Other external interfaces are backup interfaces, and you set the order for the XTM device to use the backup interfaces. The XTM device monitors the primary external interface. If it goes down, the XTM device sends all traffic to the next external interface in its configuration. While the XTM device sends all traffic to the backup interface, it continues to monitor the primary external interface. When the primary interface is active again, the XTM device immediately starts to send all new connections through the primary external interface again.

You control the action the XTM device takes for existing connections: these connections can fail back immediately, or continue to use the backup interface until the connection is complete.

Multi-WAN failover and FireCluster are configured separately. Multi-WAN failover caused by a failed connection to a link monitor host does not trigger FireCluster failover. FireCluster failover occurs only when the physical interface is down or does not respond. FireCluster failover takes precedence over multi-WAN failover.

For more information, see Configure Failover.

Interface Overflow

When you use the Interface Overflow multi-WAN configuration method, you select the order you want the XTM device to send traffic through external interfaces and configure each interface with a bandwidth threshold value. The XTM device starts to send traffic through the first external interface in its Interface Overflow configuration list. When the traffic through that interface reaches the bandwidth threshold you have set for that interface, the XTM device starts to send traffic to the next external interface you have configured in your Interface Overflow configuration list.

This multi-WAN configuration method allows the amount of traffic sent over each WAN interface to be restricted to a specified bandwidth limit. To determine bandwidth, the XTM device examines the amount of sent (TX) and received (RX) packets and uses the higher number. When you configure the interface bandwidth threshold for each interface, you must consider the needs of your network for this interface and set the threshold value based on these needs. For example, if your ISP is asymmetrical and you set your bandwidth threshold based on a large TX rate, interface overflow will not be triggered by a high RX rate.

If all WAN interfaces have reached their bandwidth limit, the XTM device uses the ECMP (Equal Cost Multipath Protocol) routing algorithm to find the best path.
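The selection logic described in this section, including the asymmetric-link caveat, can be modelled in a few lines. This is an added sketch, not Fireware XTM code: the interface names, rates, thresholds and the XOR-based hash used for the ECMP fallback are all assumptions chosen for illustration.

```python
import ipaddress


def measured_kbps(tx_kbps, rx_kbps):
    """Bandwidth figure compared to the threshold: the higher of TX and RX."""
    return max(tx_kbps, rx_kbps)


def pick_interface(order, src, dst):
    """Choose an external interface for a new connection.

    order: interfaces in configured overflow order, each a dict with
           name, threshold_kbps, tx_kbps and rx_kbps.
    Returns (interface name, reason).
    """
    for iface in order:
        load = measured_kbps(iface["tx_kbps"], iface["rx_kbps"])
        if load < iface["threshold_kbps"]:
            return iface["name"], "overflow-order"
    # Every interface is at its limit: fall back to a hash of the source
    # and destination addresses. The XOR hash is an assumption; the
    # device's actual ECMP hash is not given on this page.
    key = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    return order[key % len(order)]["name"], "ecmp-fallback"


def link(name, threshold, tx, rx):
    return {"name": name, "threshold_kbps": threshold,
            "tx_kbps": tx, "rx_kbps": rx}


# Constructed sample data. ext0 is asymmetric: about 20000 kbps TX but only
# about 2000 kbps RX, and its threshold was set from the TX rate.
RX_SATURATED = [link("ext0", 18000, 500, 2000), link("ext1", 5000, 100, 100)]
TX_AT_LIMIT = [link("ext0", 18000, 18500, 300), link("ext1", 5000, 100, 100)]
ALL_AT_LIMIT = [link("ext0", 18000, 18500, 300), link("ext1", 5000, 5200, 900)]

if __name__ == "__main__":
    for label, order in [("RX saturated", RX_SATURATED),
                         ("TX at limit", TX_AT_LIMIT),
                         ("all at limit", ALL_AT_LIMIT)]:
        print(label, pick_interface(order, "10.0.1.20", "203.0.113.7"))
```

In the first case ext0's receive direction is full, yet new connections still go to ext0 because 2000 kbps is far below the TX-based threshold.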

For more information, see Configure Interface Overflow.

Routing Table

When you select the Routing Table option for your multi-WAN configuration, the XTM device uses the routes in its internal route table or routes it gets from dynamic routing processes to send packets through the correct external interface. To see whether a specific route exists for a packet’s destination, the XTM device examines its route table from the top to the bottom of the list of routes. You can see the list of routes in the route table on the Status tab of Firebox System Manager. The Routing Table option is the default multi-WAN option.

If the XTM device does not find a specified route, it selects the route to use based on source and destination IP hash values of the packet, using the ECMP (Equal Cost Multipath Protocol) algorithm specified in:

With ECMP, the XTM device uses an algorithm to decide which next-hop (path) to use to send each packet. This algorithm does not consider current traffic load.

For more information, see When to Use Multi-WAN Methods and Routing.

Modem (XTM 2 Series, 3 Series or 5 Series only) 

You can connect an external modem to the USB port on your XTM 2 Series or XTM 33 device and use that connection for failover when all other external interfaces are inactive.

For more information, see Configure Modem Failover.

See Also

About Using Multiple External Interfaces
