How To Add Active or Backup Gateway and

Configure Load Balancing and Failover

Applicable to Version: 10.00 onwards

Today organizations require stable, redundant and fast ISP links to run business critical applications.
To achieve constant and secure availability to the Internet and to avoid network vulnerability,
organizations prefer to have multiple ISP links. Multiple ISP links provisions network administrator to
configure failover and load balancing over Internet links.
Cyberoam supports load balancing and failover for multiple ISP links based on number of WAN ports
available in the Appliance.
This document explains procedure to add secondary ISP link and configure load balancing and
gateway failover with the following sections:

Add a New Gateway

Load Balancing and Failover (Active-Active)
Configure Backup Gateway (Active-Backup)
Configure Gateway Failover

Network Scenario
Consider the hypothetical network in which one ISP link is terminated on Port B and Administrator
wants to terminate another ISP link on Port D.

IP Schema
Below given IP schema is configured on Cyberoam.

How To Add Active or Backup Gateway and Configure Load Balancing and Failover

Parameters

Value

Port A
IP Address

10.10.1.1

Subnet Mask

255.255.255.0

Zone

LAN

Port B
IP Address

172.16.16.1

Subnet Mask

255.252.240.0

Zone

WAN

Gateway Details
ISP Name

Default

IP Address

172.16.16.15

Port C
IP Address

10.10.10.1

Subnet Mask

255.255.255.0

Zone

DMZ

Port D
Port D is an unbound port so zone type for port D is set to None
DNS Configuration
Primary DNS

4.2.2.2

Add a New Gateway

Pre-requisite
An unbound physical port should be available on Cyberoam. An unbound port is one, which is not
assigned to any security zone.
Configuration
The entire configuration is to be done from Web Admin Console with user having Administrator
profile.
Step 1: Add a New Gateway
Go to Network Interface Interface and look for the unbound physical port i.e available on
Cyberoam.
As per the network diagram described above in this article, Port D is available.

How To Add Active or Backup Gateway and Configure Load Balancing and Failover

Physical Interface, Port D an unbound physical port is configured with the below mentioned
parameters:

Parameters

Value

General Settings
Physical Interface

PortD

Network Zone

WAN
Select Zone to which Interface belongs

IP Assignment

Static
Static IP Addresses are available for all the zones

IP Address

10.10.2.1

Subnet Mask

255.255.255.0

Primary DNS

203.88.135.194

Secondary DNS

4.2.2.2

Gateway Details
Gateway Name

Cyberoam_1

IP Address

10.10.2.19

How To Add Active or Backup Gateway and Configure Load Balancing and Failover

Click Ok and the Interface will be updated successfully.

Step 2: Check Gateway Status
If the gateway is added successfully, it will be enabled automatically and its status would be Active
and weight as 1.
You can confirm the gateway status from Web Admin console, Network Gateway Gateway
page.

Load Balancing and Failover (Active-Active)

As the newly added gateway Cyberoam_1 is operating as Active gateway, Cyberoam will
automatically distribute the traffic between both the links. Cyberoam employs weighted round robin
algorithm for load balancing to enable maximum utilization of capacities across the various links.
To achieve failover for the Active-Active gateways, one has to define the failover condition for each
gateway.

How To Add Active or Backup Gateway and Configure Load Balancing and Failover

In the considered example, if the Default gateway goes down and failover condition is defined then
the entire traffic will be processed by the Cyberoam_1 gateway and vice versa.
Please refer Configure Failover Condition section to define fail over rules for the active gateway.

Configure Backup Gateway (Active-Backup)

A gateway can be configured to operate as a Backup gateway. Backup gateway comes up when any
of active gateways goes down. Hence, load balancing will not be done in case of active- back up
scenario.
To configure Backup Gateway
1. Login to Web Admin Console and Go to Network Gateway Gateway and click Edit Icon
against the gateway to modify the details of the gateway.
2. Click Gateway Name (Cyberoam_1 as created in Step 2 of Add New Gateway Section) to be
configured as back up gateway.
3. Under Gateway Details section change Gateway Type to Backup and Configure Backup
Gateway Details.

Click OK and the Cyberoam_1 Gateway will be updated successfully.

Initially traffic will not pass through the Backup gateway. When any of active gateways fails then only
traffic will be routed to backup gateway with inherited weight of failed active gateway.

How To Add Active or Backup Gateway and Configure Load Balancing and Failover

Configure Failover Condition

1. Login to Web Admin Console and Go to Network Gateway Gateway and click Edit Icon
against the gateway to modify the details of the gateway.
2. Click Gateway Name to configure failover condition. By default, Cyberoam creates Ping rule
for every gateway. Cyberoam periodically sends the ping request to check health of the link
and if link does not respond, traffic is automatically sent through another available link. Click
checkbox to enable default failover rule.
3. Click Add to add multiple failover conditions in the Failover Rule and Configure Failover Rule.

Click OK and the Gateway Failure Rule will be updated successfully.

Configure host must be represented by the computer or Network device which is permanently running
or most reliable.
4. In below screen shot active gateway has been failed and entire traffic is routed through back
up gateway Cyberoam_1.

During a link failure, Cyberoam regularly checks the health of a given connection, assuring fast
reconnection
when
Internet
service
is
restored.
When the connection is restored and gateway is up again, without the administrators intervention,
traffic is again routed through the Active gateway.
Document Version: 1.0 02/12/2011