Firewall - WAN Failover using Policy Routes

When setting up sites with multiple internet connections, you might need to configure a Failover in case of one of the WAN connections dropping. This tutorial will help you setting up redundant internet connection in no time!

PLEASE NOTE: When you only use two WAN interfaces an easier and faster way might be to use a WAN Trunk for the failover!


Walkthrough Steps

  1. Log in to the unit by entering its IP address and the credentials for an admin account (by default, username is “admin”, password is “1234”)

  2. Navigate to Configuration > Network > Interfaces > Trunk and check if your WAN connections are actively in usage

    Also, if you want the backup line to go back down when the primary WAN is up again, please enable "Disconnect Connections before Falling Back" as below:

  3. Navigate to Configuration > Network > Routing and add a Policy Route

  4. Set up Incoming Interface to your local network (i.e. LAN1) and Interface WAN1 as Next Hop

  5. When pressing on "Show Advanced Setting" scroll down to "Health Check" enabling "Disable policy route automatically while Interface link down"


  1. Add a second Policy Route with Incoming Interface to your local network (i.e. LAN1) and Interface WAN2 as Next Hop

Now you have a successful WAN Failover setup. To test it, you can check via WAN-IP scanning websites such as "" or similar. Then plug out WAN1 and see if the IP address changes.



Articles in this section

Was this article helpful?
3 out of 6 found this helpful



Please sign in to leave a comment.