Question: 

Why do some websites dislike or reset the connection when a user behind VOS load-balances web traffic across two or more source IP addresses on the WAN side?



Answer: 


Some websites have security mechanisms that flag or block clients that appear to be accessing their services from multiple IP addresses. Here’s why:


Fraud Prevention – Many websites associate an account or session with a single IP address to prevent fraudulent activities like account takeover, credential stuffing, or multi-account abuse.


Session Hijacking Protection – If a session suddenly jumps between two different IPs, it may indicate that an attacker is trying to hijack the session from a different location.


Rate Limiting & Anti-Scraping – Websites often enforce rate limits or use CAPTCHAs to prevent bot activity and web scraping. If requests come from multiple IPs simultaneously, it could indicate automated scraping or distributed attacks.


Geo-blocking & Compliance – Some websites restrict access based on geographical locations. If an account switches between IPs from different regions, it may trigger security checks.


DDoS Mitigation – Some security systems associate user activity with a specific IP. If requests suddenly originate from multiple IPs, it may resemble a Distributed Denial-of-Service (DDoS) attack.


Proxy & VPN Detection – Websites may flag users who switch IPs frequently, as it could indicate the use of VPNs, proxies, or botnets to bypass security restrictions or location-based limitations.


To avoid issues, some sites implement session binding, where your session remains valid only for a specific IP unless you re-authenticate. If you're experiencing blocks due to IP switching, using a consistent exit node can help.



The recommendation is to use an SD-WAN policy to pin the traffic to one WAN link and fail over to the second WAN link for backup only.
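
An added illustration, not taken from the original article or from any vendor's code: a minimal Python model of the session binding described above, replaying the same eight requests under per-request load balancing and under a pinned link with failover. The site model, the session ID and the two WAN addresses (documentation ranges) are constructed assumptions.

```python
import itertools

WAN1 = "198.51.100.10"   # constructed egress IP of WAN link 1
WAN2 = "203.0.113.20"    # constructed egress IP of WAN link 2

class SessionBoundSite:
    """Hypothetical site that binds each session to the IP seen at login."""
    def __init__(self):
        self.bound_ip = {}                 # session id -> source IP at login

    def login(self, sid, src_ip):
        self.bound_ip[sid] = src_ip

    def request(self, sid, src_ip):
        bound = self.bound_ip.get(sid)
        if bound is None:
            return "reauth"                # no valid session for this id
        if bound != src_ip:
            del self.bound_ip[sid]         # source IP changed: drop the session
            return "reset"
        return "ok"

def round_robin(ips, n):
    """Per-request load balancing: alternate egress IPs."""
    return list(itertools.islice(itertools.cycle(ips), n))

def pinned_with_failover(primary, backup, n, fail_at):
    """Pinned policy: primary link until request index fail_at, then backup."""
    return [primary if i < fail_at else backup for i in range(n)]

def count_resets(egress_ips, sid="s1"):
    """Replay requests; the user re-authenticates after every dropped session."""
    site = SessionBoundSite()
    site.login(sid, egress_ips[0])
    resets = 0
    for ip in egress_ips:
        if site.request(sid, ip) != "ok":
            resets += 1
            site.login(sid, ip)            # new session bound to the current IP
    return resets

if __name__ == "__main__":
    print("load-balanced:", count_resets(round_robin([WAN1, WAN2], 8)))
    print("pinned, one failover:", count_resets(pinned_with_failover(WAN1, WAN2, 8, 5)))
```

With load balancing every change of egress IP drops the session, while the pinned policy loses it only once, at the moment of failover.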