WAN Link Fail-Over Configuration:
To configure Link Failover you need to use Policy Manager
Select Network > Configuration
Configure Link Monitoring
Select the "Link Monitor" tab first then select the external interface you wish to use for failover and click "Add"
Change the "Type" to DNS and enter a public DNS server and public domain to query.
It is recommended to not use Google or CloudFlare DNS servers as they have started to not respond to ping responses from the same IP Address which is probing at a set interval.
WatchGuard has its own DNS Servers which can be used. (22.214.171.124, 126.96.36.199)
Repeat the above steps for the other interface which you wish to use for failover, however, use a different DNS server IP Address and query a different domain.
Configure SD-WAN Policy
Select the "SD-WAN" tab and click "Add"
Select the interfaces to be included and choose which one is to be the primary interface using the "Move Up" and "Move Down" buttons.
It is advised that the following are set to these values:
- Loss Rate = 10%
- Latency = 40ms
- Jitter = 20ms
Set the fallback options to one of the following - most commonly used is "Immediate fallback"
Assign to a Firewall Policy
From the main policy, window select the policy which you wish to utilise failover in the event of a WAN failure. If multiple policies require failover this must be applied to each one.
Enable "Route outbound traffic using" and select the option "SD-WAN Based Routing" then select the "SD-WAN Action" which relates to the policy you created earlier.