Internet Load Balancing and Failover for Multiple ISP Links

Controlling traffic is a key facet of internet management. Sometimes primary connections will go down. Or too much traffic may cause congested links or overwhelmed devices to become unusable. We wrote about the implementation of load balancing in the cloud in a 2017 blog post. When people think of load balancing, they usually think about traffic that is inbound to the server or a network. But what about traffic that goes outbound from the client or internet user or your office? The wide area network (WAN) or internet links going from a site to multiple internet service providers (ISP) can also be load balanced. While Total Uptime does not provide this type of outbound load balancing, we’re often asked for our recommendations on this subject. So continue reading if you too are looking for a solution.

The Need for Redundancy

As individuals, we have all become dependent on the internet. But for some businesses, uninterrupted internet access is mission critical. Outbound load balancing is bound up with the requirement for failover protection. Of course, balancing ISP links means that there are two or more internet connections in place. (The term outbound may be a misnomer, since the internet connections established through ISP links are actually bi-directional.)

Failover means that when the primary connection is down, the secondary connection takes over.

Failover means that when the primary connection is down, the secondary connection takes over. If two ISP links are set up so that the primary link takes 100% of the traffic, then there is no load balancing implemented. Load balancing may be weighted 80%-20% or 50%-50%, or set up using any of the other load balancing methods discussed in F5’s white paper “Load Balancing 101: Nuts and Bolts”. But no matter the load balancing configuration, failover works the same way. The remaining active link (or links) takes over the traffic from the failed link.

Load Balancing the Internet

The principles of load balancing remain the same in any environment, although the circumstances and implementations will vary. Internet service providers use balancing strategies to handle fluctuating amounts of inbound internet traffic, and load balancing the cloud has its own peculiar aspects. The matter at hand, load balancing multiple ISP connections, can be done very simply using GUI selections in many off-the-shelf appliances. But it can also be accomplished the old fashioned way, using routers or Linux servers that are manually configured.

There are different reasons for ISP load balancing. One ISP may be considered more efficient or less expensive than another. Load balancing at 100%-0% is virtually the same as failover. Some solutions may provide additional parameters in their software.

Survey of Load Balancing/Failover Options

Total Uptime provides inbound load balancing as part of our service offerings. We thought it also might be helpful to inform our customers about outbound load balancing solutions. We offer this survey as an introduction to low-cost products or solutions that might meet your needs. The following should not be considered a complete list or a comprehensive description of the solutions. You can do more research on your own.

NOTE: The product models listed are only examples. There may be other devices or solutions in each manufacturer’s product line that also handle load balancing and failover. Some vendors, like Cisco, may have many solutions to choose from.

Cisco ASA

Cisco ASA

The Cisco ASA has been around for quite some time and is a popular SMB and Enterprise device. This appliance-based firewall supports redundant or backup ISP links in an active/standby configuration. Older editions like the ASA 5510 to the newer 5500-X Series running software Version 9.x or later easily support this feature. This article discusses the configuration in detail.

Cisco Routers

Cisco Router

If you have a Cisco router at the edge of your network such as an ASR, ISR or even an older generation like a 1900, 2900 or 3900, there are two options for you to consider. The first is implementing IP SLA to monitor your ISP links and make automated route changes based on the Jitter, Packet loss, connectivity and more. This is the more rudimentary approach and appears to be a licensed feature, so it may not be included by default. Another option is to consider is doing what the big boys do, deploy multihoming with BGPAccording to Techopedia, “multihoming helps load balancing and allows a network to work with the lowest downtime”. Connecting a single host computer to multiple networks can increase reliability and improve performance. This method is dependent on a dynamic routing protocol such as BGP and should be possible with any router that handles the protocol, of which there are many.

Juniper Routers and Firewalls

Juniper SRX Firewalls

One of our personal favorites is Juniper. We use their MX series routers here at Total Uptime, and the MX series (like other routing platforms they offer) support BGP. So if you’re inclined to go that route, like Cisco, you can multihome to two or more ISPs who support that routing protocol for the ultimate in ingress and egress redundancy.

But it is important to note that their SRX Next-Generation Firewalls also support dual ISP links with failover so if you only need a simple firewall, it is an excellent choice as well.

Fortinet FortiGate

Fortinet Fortigates

Fortinet manufacturers a long line-up of firewalls and from our research, they all support multiple WAN connections from the 60-E and up. In their online documentation called The Fortinet Cookbook, the manufacturer offers a recipe for Redundant Internet Connections.  The FortiGate device is considered a next-generation firewall (NGFW) by the company. It can combine connections from two internet service providers (ISPs) into a single firewall. The steps include setting up WAN Link Load Balancing (LLB) using the device’s GUI. Then it’s possible to use weighted settings and other parameters to create a Load Balancing Algorithm. Fortinet offers more information on various methods of load balancing in a help page called WAN link load balancing.

One of the neatest features we’ve seen is the native ability to plug in a 4G LTE USB dongle to provide WAN connectivity where other traditional connections like Cable, DSL or Fiber options are not available.

Barracuda NextGen Firewall

Barracuda Nextgen Firewall

Barracuda offers a way to balance traffic among multiple links with their next generation firewalls. . You can learn more about it on the page How to Configure Outbound Load Balancing and Failover in their Barracuda Campus documentation. The instructions show how NAT and multilink policy are implemented to balance the load. You can also assign a metric to each ISP connection.

You may also want to check out the Barracuda Link Balancer which claims to offer cost-effective Internet Performance and Availability by dynamically balancing traffic across multiple ISP links.

Check Point UTM-1

Check Point UTM

The UTM-1 Edge Series is a product family offered by Check Point. Their documentation for Configuring WAN Load Balancing says that by default the UTM-1 routes all traffic to the primary connection. That can be altered by using a routing rule.  You can also assign weights to the ISP connection to automatically distribute the load. You can learn more about Check Point ISP redundancy here.



According to SonicWall, there are several devices that support load balancing and failover including their next-generation firewalls from the SOHO model all the way up to the TZ600. They also support using 4G LTE as an optional WAN connection too.


Mettle Networks

Outbound load balancing is a standard feature in all Mettle SE devices sold by Mettle Networks. We picked the first one on their list. Mettle Networks recognizes that one link to the internet is just not enough for some businesses. And they say that their load balancing is done in a “bandwidth-aware” way. The Mettle SE includes VLAN support.


Untangle NG Firewall

The Untangle NG Firewall appliance was recommended by several techs on various discussion boards. The company also has a WAN balancer app that you can try with an online demo.




At the risk of leaving anybody out, we’ll list a few more options below. You can investigate further on your own, or look around for a solution not included here.

  1. Peplink
  2. Ecessa Powerlink
  3. Sophos UTM
  4. Draytek
  5. Pfsense (open source software)


Some Considerations

The platform that you select will depend a lot on capabilities and resources within your company. You may have some of this equipment lying around unused that you could repurpose for ISP load balancing and failover. Or you may know where to get your hands on it for a good price. What about expertise? Maybe you already have in-house expertise on certain platforms. Or it may be that managers in your company swear by a certain vendor and won’t buy anything else.

Then there is ease of use and price. If you’re looking for an easy way, then you’ll want to pick up one that has a simple graphical interface for setting up your ISP connections.  If you’re on a budget, then you need to make sure that you don’t overbuy and get a sophisticated and expensive router when all you need is a basic appliance.

Don’t Forget Inbound

Total Uptime has you covered for inbound load balancing and failover. While these appliances are designed to keep staff online and accessing the Internet (outbound traffic), any on-premise hosted applications such as a website or mail server will still become inaccessible unless you have a means to update DNS automatically and/or redirect traffic destined to one ISP link to another.


This is not meant to be a full-fledged product review. The author of this blog post does not have a decked-out lab along with the supply of product demos from eager vendors. The information here has been gleaned from various vendor sites, discussion boards, and articles online. In the whole scheme of networking, setting up redundant ISP links and making them share the load shouldn’t be too difficult an assignment. It all depends on your technical background coupled with your courage to figure it out. But based on our experience, there’s always a way to make things happen — even if it’s a workaround. In this case, there’s more than one way to make the best of a pair of ISP links.

Know of any other devices that support multiple WAN or ISP links? Let us know and we’ll update this post.

Prevent your next outage now!


Other articles you might like to read: