Manually configuring outbound traffic management

Outbound Multi-Link elements combine NetLinks and set options for the high availability and load balancing features.

NetLink selection for load balancing can be based on either of two methods:
  • Round Trip Time — The firewall periodically probes the NetLinks to test them for speed and selects the fastest available active NetLink for each new outbound connection. NetLink performance is measured for each new TCP connection by sending the initial SYN request to the destination through all available NetLinks. When the destination host sends the SYN-ACK reply, the NetLink that receives the reply first is used to establish the TCP connection. The firewall cancels the slower connection attempts by sending a TCP Reset (RST) to the destination through the other NetLinks.

    The fastest route is automatically selected for each connection. Information about the performance of each NetLink is cached, so no new measurement is made if a new connection is opened to the same destination within a short time period.

    To use the round trip time method, you must configure the probing settings in the Static NetLink or Dynamic NetLink properties.

  • Ratio — Traffic is distributed between all available active NetLinks according to the relative bandwidth of each NetLink. The NetLink with the highest bandwidth is assigned the largest portion of the traffic. The bandwidths of the other NetLinks are automatically compared to the bandwidth of the NetLink with the most bandwidth to produce a ratio for distributing the traffic.

    When the volume of traffic is low, the ratio of actual traffic distribution is approximate. When the volume of traffic is high, the ratio of traffic handled by each NetLink is closer to the ratio calculated from the link capacity.

You can optionally assign QoS Classes to NetLinks in the Outbound Multi-Link element to specify which traffic is routed through which NetLink. NAT rules can alternatively be used to select a particular link, but if you use QoS Classes, traffic can still fail over to other links if the selected link fails.

The same QoS Class can be assigned to more than one NetLink in the same Outbound Multi-Link element to balance traffic through those selected NetLinks when those links are available. If you want to use QoS Classes to specify which traffic uses which NetLink, you must assign the QoS Class to the traffic in an Access rule or with the QoS policies based on the DSCP codes in the traffic.
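The following added example is a simplified model of the Ratio method combined with QoS Class assignment and failover; it is an illustration, not Forcepoint code. The link names, bandwidths, the "voip" class, the least-loaded selection rule, and the handling of traffic without a QoS Class are assumptions.

```python
from dataclasses import dataclass

@dataclass
class NetLink:
    name: str
    bandwidth_kbps: int                   # constructed sample value
    qos_classes: frozenset = frozenset()  # QoS Classes set in the Multi-Link element
    active: bool = True
    connections: int = 0

def sample_links():
    """Constructed sample: three NetLinks, two of them carrying the 'voip' class."""
    return [NetLink("isp_a", 100_000, frozenset({"voip"})),
            NetLink("isp_b", 50_000, frozenset({"voip"})),
            NetLink("isp_c", 10_000)]

def candidates(links, qos_class=None):
    """Active links assigned the QoS Class; every active link if none of those is up."""
    up = [l for l in links if l.active]
    preferred = [l for l in up if qos_class in l.qos_classes]
    return preferred or up

def ratios(links):
    """Each link's bandwidth relative to the highest-bandwidth link in the set."""
    top = max(l.bandwidth_kbps for l in links)
    return {l.name: l.bandwidth_kbps / top for l in links}

def select(links, qos_class=None):
    """Assumed rule: pick the candidate furthest below its bandwidth share."""
    pool = candidates(links, qos_class)
    if not pool:
        raise RuntimeError("no active NetLink available")
    r = ratios(pool)
    chosen = min(pool, key=lambda l: (l.connections / r[l.name], l.name))
    chosen.connections += 1
    return chosen.name

def simulate(links, count, qos_class=None):
    """Open `count` connections and return how many each NetLink carried."""
    for l in links:
        l.connections = 0
    for _ in range(count):
        select(links, qos_class)
    return {l.name: l.connections for l in links}

if __name__ == "__main__":
    links = sample_links()
    print(simulate(links, 3))            # low volume: distribution is only approximate
    print(simulate(links, 1600))         # high volume: approaches 10 : 5 : 1
    links[0].active = False              # isp_a fails
    print(simulate(links, 300, "voip"))  # voip stays on isp_b, the remaining voip link
```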

To manually configure outbound traffic management, follow these general steps:

  1. Create an Outbound Multi-Link element to group your NetLinks and define traffic management settings.
  2. In the Firewall Policy, create NAT rules for outbound load balancing.