Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

WAN Link Failover not working


We just added a secondary ISP and I set it up as a new WAN interface. A laptop plugged into it gets an IP address and can get out to the internet, so I know it is working.

I configured WAN failover (active-backup) and initially didn't modify the rules to include another IP address like So it would fail over if it couldn't contact the gateway IP of the main ISP.

When performing a test by removing the cable from the primary WAN port, it did not seem to fail over properly.

Internet connectivity was not restored through the backup gateway. I was unable to ping and eventually got a message saying it couldn't perform a DNS lookup which I thought was odd.

Now that I added the to the rule, will this work? Or are there other things needed? I don't understand how it accounts for NAT, or the VPN gateway, or anything during a failover. Are there routing or firewall rule changes too?

Edited TAGs
[edited by: Erick Jan at 12:21 AM (GMT -7) on 25 Apr 2024]