You are on page 1of 5


How To Add Active Add

Backup Active
Gateway or Backup
for Load Gateway
Balancing and Gateway for Load
Balancing and Gateway Failover

Applicable versions: 9.5.3 build 18 onwards

Today organizations require stable, redundant and fast ISP links to run business critical
applications. To achieve constant and secure availability to the Internet and to avoid network
vulnerability, organizations prefer to have multiple ISP links. Multiple ISP links provisions network
administrator to configure failover and load balancing over Internet links.

Cyberoam supports load balancing and failover for multiple ISP links based on number of WAN
ports available in the Appliance

This document explains procedure to add secondary ISP link and configure load balancing and
gateway failover with the following sections:

Add a New Gateway

Load Balancing and Failover (Active-Active)
Configure Backup Gateway (Active-Backup)
Configure Gateway Failover

Network scenario:

Consider the hypothetical network in which one ISP link is terminated on Port B and Administrator
wants to terminate another ISP link on Port D.
How To Add Active or Backup Gateway for Load Balancing and Gateway Failover

Below given IP schema is configured on Cyberoam.

Parameters Value
Port A
IP Address
Subnet Mask
Zone LAN
Port B
IP Address
Subnet Mask
Zone WAN
Gateway Details
ISP Name Default
IP Address
Port C
IP Address
Subnet Mask
Zone DMZ
Port D
Port D is an unbound port so zone type for port D is set to None
DNS Configuration
Primary DNS

Add a New Gateway


An unbound physical port should be available on Cyberoam. An unbound port is one,

which is not assigned to any security zone.

Following are the steps to add a new Gateway:

1. Log on to Web admin console

2. Click to run the Network Configuration Wizard.

3. Under Zone and Network Configuration section, using Next button go to port D and
configure following values:

Select Use Static IP

IP Address:
Subnet Mask:
Zone: WAN

Gateway Details

ISP Name: Cyberoam_1

IP Address:

4. Click Next to proceed

5. Click to proceed further and click Finish to complete network configuration

How To Add Active or Backup Gateway for Load Balancing and Gateway Failover

It will take few minutes to save the configuration details. Cyberoam will take some time to restart,
wait for sometime before clicking the URL to access the Web Admin console.

6. If the gateway is added successfully, it will be enabled automatically and its status would
be Active and weight as 1.You can confirm the gateway status from Web Admin
console, System Gateway Manage Gateway(s) page

Load Balancing and Failover (Active-Active)

As the newly added gateway Cyberoam_1 is operating as Active gateway, Cyberoam will
automatically distribute the traffic between both the links. Cyberoam employs weighted round
robin algorithm for load balancing to enable maximum utilization of capacities across the various

To achieve failover for the Active-Active gateways, one has to define the failover condition for
each gateway.

In the considered example, if the Default gateway goes down and failover condition is defined
then the entire traffic will be processed by the Cyberoam_1 gateway and vice versa.

Please refer Configure Failover Condition section to define fail over rules for the active gateway.
How To Add Active or Backup Gateway for Load Balancing and Gateway Failover

Configure Backup Gateway (Active-Backup)

A gateway can be configured to operate as a Backup gateway. Backup gateway comes up when
any of active gateways goes down. Hence, load balancing will not be done in case of active- back
up scenario.

To configure backup gateway

1. Go to System Gateway Manage Gateways

2. Click Gateway Name to be configured as back up gateway
3. Under Gateway Details section change Gateway Type to Backup

4. Configure Backup Gateway Details as per below image

Initially traffic will not pass through the backup gateway. When any of active gateways fails then
only traffic will be routed to backup gateway with inherited weight of failed active gateway

Configure Failover Condition

1. Log on to Web admin console

2. Go to System Gateway Manage Gateways
3. Click Gateway Name to configure failover condition. By default, Cyberoam creates Ping
rule for every gateway. Cyberoam periodically sends the ping request to check health of
the link and if link does not respond, traffic is automatically sent through another available
link. Click checkbox to enable default failover rule.
4. Click Add to add multiple failover conditions in the failover rule
5. Configure failover rule as per below image:
How To Add Active or Backup Gateway for Load Balancing and Gateway Failover

Configure host must be represented by the computer or Network device which is permanently
running or most reliable.

6. Click Save to save failover rule and gateway configuration

In below screen shot active gateway has been failed and entire traffic is routed through back up
gateway Cyberoam_1

During a link failure, Cyberoam regularly checks the health of a given connection, assuring fast
reconnection when Internet service is restored. When the connection is restored and gateway is
up again, without the administrators intervention, traffic is again routed through the Active
gateway. In other words, backup gateway fails back on Active gateway.

Document version:1.0-21/07/2009