Multi-WAN with Multi-ISP

This sample scenario represents using HSA to load balance (WAN bonding) multiple ISP links. Because HSA has only 1 x WAN port, so we will need to assign the LAN ports to different VLANs and connect VLAN interface as WAN ports to join Multi-WAN configuration.

  • Can use any type of WAN connection (eg. fiber, PPPoE, ISP ONT/modem)
  • Load balance traffic across all ISP links (max up to 4. But in this sample, we configured 3).

Common use cases

  • Enterprises requiring resilient multiple WAN/Internet connections
  • SD-WAN deployment for remote branches, retail outlets or bank ATM

Deployment preparation

  • Connect HSA WAN to ISP1 link (ONT or modem)
  • Connect other ISP links to LAN1 (assigned to VLAN10) and LAN2 (assigned to VLAN20)
  • Connect management PC to one of the remaining LAN port, either LAN3 or LAN4. (configure PC with DHCP, then connect to mbox GUI using http://192.168.1.1/mbox, login with root/Letmein99)


NOTE: When MWAN tracks upstream IP, it will not work with a vlan/sub interface (eg. if ping source from eth1.10, ping will fail), so it needs to source from a logical interface (eg. br-wan_vlan10). To configure this, when creating new WAN interface using vlan, we enable it as a bridge interface (eg. check on "creates a bridge over specified interface(s)"), this will auto create a logical bridge interface for this ISP link (eg. br-wan_vlan10). However, when WAN is a bridge interface, we must disable the LAN ports as bridge (which is default), because HSA will not allow traffic to route between two bridge interfaces (despite firewall rules config).

So two main tricks to take note:

    1. create the 2nd/3rd WAN interface as bridge interface while mapping to their vlan interface
    2. disable default br-lan interface.


2-Step deployment from sample config

  1. download sample config for HSA3-MultiISP-MWAN
  2. follow this video guide to deploy HSA by restoring from sample config

Sample config default settings

  • the WAN ports are pre-configured to get dhcp IP from ISP ONT/modem (or upstream router). If you need to change interface IP/route, please follow this guide.
  • the MWAN configuration assumes equal speed between all ISP links. If they're different, please adjust weights for the respective connections.

NOTE for older/used box

    1. upgrade your HSA box to firmware version 20181220-0100, and above (follow this guide to upgrade firmware)