Zyxel Nebula WAN Failover – WAN2 Still Active Despite Policy Route to WAN1
Freshman MemberI’m using Zyxel Nebula with WAN failover enabled - WAN1 is set as the primary, and WAN2 as backup. I’ve also configured policy routes to ensure all LAN traffic (from 10.10.0.0/24 and 172.20.5.0/24) goes out via WAN1, plus a catch-all route for any other traffic to use WAN1 as well.
Despite this, I’m still seeing WAN2 being used intermittently. Load balancing is not enabled, and the device is in failover mode - so in theory, WAN2 should remain idle unless WAN1 fails.
Does anyone know why WAN2 is still seeing traffic? Is this expected behavior for system/management traffic in Nebula? And if so, is there a way to force all traffic (including system) through WAN1 unless failover is triggered?
All Replies
-
Nebula may have limitation vs on site so I'm not sure of the differences
If you route given traffic out a given WAN when that WAN fails it will not go to WAN2 thats how I know it to be so you need the routing rule with ping check so that when ping fails you have another rule below to route to WAN2
Zywall may use either WAN with on site you can route Zywall FQDN *.myzyxel.com and *.zyxel.com to go out a given WAN works good on old models but not so well on FLEX H
0 -
Hello,
In Nebula
Log in to the Nebula Control Center.Navigate to Security Gateway > Configure > Routing.
Enable the "Connectivity Check" option.
Specify the target IP or domain for the health check (e.g., 8.8.8.8 or www.google.com).
Configure the check interval, timeout, and fail tolerance as needed.
Save the configuration.
On-Site (USG FLEX)
Access the device's web interface.For policy routes:
Go to Configuration > Network > Routing.
Add a new policy route.
Specify the source, destination, and service criteria.
In the "Next Hop" section, select the desired WAN interface.
Enable the health check option and configure the target IP and parameters.
For WAN trunking:
Navigate to Configuration > Network > Interfaces > Trunk.
Create a new trunk group with the desired WAN interfaces.
Configure the load balancing and failover settings.
Save and apply the configuration.
Best Regard,
Lora
0 -
it could be a small amount of traffic of ARP, or PING packet to keep connection between WAN2 and its gateway.
You can capture packets on WAN2 to check what's the traffic about.0
Guru Member
Zyxel Employee
Categories
- All Categories
- 430 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 351 USG FLEX H Series
- 291 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 261 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 82 Security Highlight
