Getting started with outbound traffic management

Multi-Link for SD-WAN provides high availability for outbound connectivity so that business-critical traffic gets through even when one or more Internet connections fail.

Multi-Link distributes and balances the load of outbound traffic between multiple network connections.

Single Firewalls, Firewall Clusters, and Virtual Firewalls can balance outbound traffic between two or more network links (NetLinks) using the Multi-Link feature. NetLinks are combined into Outbound Multi-Link elements. The NetLinks can represent different types of ISP connections and they can have different speeds. The NetLinks must be added under the appropriate interfaces in the Routing tree to support Multi-Link. You can also use Multi-Link with aggregated link interfaces.

Multi-Link allows you to:

  • Balance outbound traffic between two or more alternative network links to increase the available bandwidth.
  • Ensure that outbound network connectivity remains available even if network links fail. When a network link fails, the firewall detects this and stops forwarding traffic through the failed link.

You can create multiple Outbound Multi-Link elements, and each NetLink can belong to more than one Outbound Multi-Link element at the same time. Multiple Outbound Multi-Link elements can be useful, for example, when you want a certain type of traffic to be balanced only between some of the NetLinks, and another type of traffic to be balanced between all NetLinks.

To improve redundancy, we recommend connecting each link through different physical network equipment (such as routers).

If you use element-based NAT and multiple external IP addresses, the default NAT address works like an Outbound Multi-Link and the NAT rules are automatically generated. You can also use an Outbound Multi-Link element as a NAT address in a NAT definition.

Outbound traffic management has the following limitations:

  • Multi-Link is supported on Single Firewalls, Firewall Clusters, and Virtual Firewalls.
  • VPN traffic is balanced independently from the settings covered in this configuration (when the firewall is the VPN endpoint).
  • Outbound load balancing Multi-Link is only supported for IPv4 traffic.