To setup Failover on the Sonicwall Firewall, we first need to make sure the second WAN is setup. It can be a Static Public IP or DHCP.

1. Login to the Sonicwall and navigate to Manage > Network > Interfaces tab.

2. In our setup, our main Comcast circuit is connected to X1 (Static) and our backup Century Link circuit is connected to X2 (DHCP). Click Configure for X2. Then change the Zone to WAN and then select DHCP or Static depending on your ISP backup settings. If Static, enter all the relevant information. If DHCP, click the “Release” button followed by the “Renew” button. Click OK.

3. If using PPPoE mode, select PPPoE from the UP Assignment in Step 2. Enter your Username and Password given to you by your ISP. You can select Obtain IP or manually specific the IP if static from the ISP (same with the DNS Settings). Click OK.

4. Once you have your backup circuit configured on X2, now it’s time to setup WAN Failover. Go to Manage > Network > Failover & Load Balancing (LB). Enable “Load Balancing” at the top.

5. To configure Failover, click on the pencil icon to the very right of the “Default LB Group”. Select “Basic Failover” in the left box and then push your secondary WAN (X2) over to the right box.

6. Select “Preempt and failback to Primary WAN when possible”. This is important especially if you secondary WAN is not as fast as your main WAN.

7. Click the “Probing” tab and enter your preferred settings. In the example below, if the SonicWall appliance tests the interface every five seconds and finds the interface inactive after three successive attempts, it fails over to the secondary interface after 30 seconds. Low value ensures quick failover, however, slight internet breakage can lead to unnecessary failover/failback. if the SonicWall appliance tests the interface every five seconds and finds the interface active after three successive attempts, it fails back to the primary interface after 15 seconds.Leave the Probe checkbox unchecked.Click OK.

8. The next and most important setting that ensures proper failover is the Probing on each of the WAN interface. The SonicWall appliance can monitor the WAN connectivity by detecting whether the link is unplugged or disconnected or by sending probes to a target IP address of an “always available” target upstream device on the WAN network, such as an ISP side router. Click on the edit/pencil icon next to the WAN Interface under the LB group. Select “Logical/Probe, then in the drop-down, select “Probe succeeds when either Main Target or Alternate Target responds”. Click OK and do the same for the backup circuit.

Again, these are just our summary notes for some changes. This article is not meant to serve as an official Sonicwall tutorial or configuration instruction.

WAN Configuration –

Failover Configuration –