WAN Failover Won't Automatically Restore Back to WAN1 on Zyxel ZyWall USG110

Options
OldFox
OldFox Posts: 15  Freshman Member
First Anniversary 10 Comments Friend Collector

My setup:

  • WAN1: Cable internet
  • WAN2: LTE router
  • Other ports: LAN1

Configuration -> Network -> Interface -> Trunk:

  • Disconnect Connections Before Falling Back: Enabled
  • User configured trunk: Wan-Fallover (Spillover, wan1=active, wan2=passive)

Configuration -> Network -> Interface -> Ethernet:

  • Enable Connectivity Check: Enabled

Not sure if this is necessary

Configuration -> Network -> Routing -> Policy Route:

  • policy next-hop wan1 has "Disable policy route automatically while Interface link down" and "Enable Connectivity Check" enabled.

Issue Summary

Upon manually disconnecting WAN1 (e.g., by unplugging the coaxial cable), the routing policy for WAN1 is automatically deactivated, illustrated by a red light icon, triggering a seamless switch to WAN2 — functioning as expected. However, reestablishing the WAN1 connection doesn't automatically reactivate the policy, leaving the system to continue using WAN2.

If you have any suggestions for resolving this issue, your insights would be invaluable.

Accepted Solution

  • OldFox
    OldFox Posts: 15  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Answer ✓
    Options

    After conducting further research, I've discovered that there are two primary methods for configuring WAN failover on a USG device:
    1. WAN Failover via trunk of a USG

    2. WAN Failover on a USG with Policy Routes

    For my current setup, I've opted for the first approach—using trunking with WAN1 set as active and WAN2 as passive. I've also enabled the "Connectivity Check" feature on the WAN1 interface, specifying a ping to 8.8.8.8 to test connectivity. This setup ensures smooth failover when I either turn off or disconnect the modem. Although unplugging the coaxial cable may not represent a typical real-world scenario, I observed activity on both WAN1 and WAN2 interfaces when reconnecting it. This leads me to assume that active sessions on WAN2 will persist on that line until they are terminated. However, I'm wondering if the "Disconnect Connections Before Falling Back" option could address this issue. I'll be eager to see how this performs in a real-world scenario.

    As for the second setup method involving Policy Routes, I've noticed that it requires setting both WAN interfaces to active mode, something I have yet to experiment with.

All Replies

  • PeterUK
    PeterUK Posts: 2,706  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited August 2023
    Options

    Hmm…what happens if you unplug WAN1 by the USG and plugging it a back in?

    My theory is unplugging the coaxial means WAN1 stays up and when you connect the coaxial back your ISP wants you to do a DHCP and maybe a new IP?

    So a feature you want to put in ideas is when ping fails the USG does DHCP till the connection comes back

    https://community.zyxel.com/en/categories/security-ideas

  • OldFox
    OldFox Posts: 15  Freshman Member
    First Anniversary 10 Comments Friend Collector
    edited August 2023
    Options

    When manually disconnecting and subsequently reconnecting the WAN1 Ethernet cable, the system performs flawlessly:

    • The system automatically failovers to WAN2 during the disconnection and seamlessly transitions back to WAN1 upon reconnection.

    However, achieving the same seamless failover behavior proves challenging when the coaxial cable is unplugged from the modem. In this scenario, the system does not detect a "WAN1 down" event since WAN1 remains connected at the router end.

    I suspect that enabling the "Connectivity Check" feature should theoretically resolve this issue. Is there something I may be overlooking?

  • PeterUK
    PeterUK Posts: 2,706  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Disable the Connectivity Check in interface and disable/enable Connectivity Check for routing only.

    So do you get a new different IP when you reconnect? Looks like you do why I said about feature you want to put in ideas about DHCP recheck on ping fail which will likely not happen with you model USG due to EOL.

  • OldFox
    OldFox Posts: 15  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    Thank you for your suggestions. To clarify, which interface are you recommending I should disable the Connectivity Check on? I presume it's WAN1?

    I've followed your advice and modified my current configuration as follows:

    • Interface WAN1: Connectivity Check disabled
    • Interface LAN1: Connectivity Check disabled
    • Policy Routing from LAN1 to WAN1: Connectivity Check enabled

    Is this setup in alignment with your guidance?

    Regarding the IP, my cable modem has a static external IP. While my service provider claims it's dynamic, the IP address has remained unchanged for several years.

    Lastly, I apologize for the confusion, but could you elaborate on what you meant by "DHCP recheck on ping fail"? I'm not entirely sure how that feature would be applicable in my situation.

  • PeterUK
    PeterUK Posts: 2,706  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited August 2023
    Options

    Yes disable WAN1 Connectivity Check due to a bug you may need to disable and enable Connectivity Check for routing

    It is likely your hub/modem on disconnect from coaxial wants you to do DHCP again which the USG will not do this is why a feature to put in ideas for the routing rule when ping fails for the WAN1 to do DHCP till ping succeed.

  • OldFox
    OldFox Posts: 15  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Answer ✓
    Options

    After conducting further research, I've discovered that there are two primary methods for configuring WAN failover on a USG device:
    1. WAN Failover via trunk of a USG

    2. WAN Failover on a USG with Policy Routes

    For my current setup, I've opted for the first approach—using trunking with WAN1 set as active and WAN2 as passive. I've also enabled the "Connectivity Check" feature on the WAN1 interface, specifying a ping to 8.8.8.8 to test connectivity. This setup ensures smooth failover when I either turn off or disconnect the modem. Although unplugging the coaxial cable may not represent a typical real-world scenario, I observed activity on both WAN1 and WAN2 interfaces when reconnecting it. This leads me to assume that active sessions on WAN2 will persist on that line until they are terminated. However, I'm wondering if the "Disconnect Connections Before Falling Back" option could address this issue. I'll be eager to see how this performs in a real-world scenario.

    As for the second setup method involving Policy Routes, I've noticed that it requires setting both WAN interfaces to active mode, something I have yet to experiment with.

Security Highlight