@samweli

https://docs.netgate.com/pfsense/en/latest/multiwan/load-balance-and-failover.html
https://docs.netgate.com/pfsense/en/latest/routing/gateway-groups.html

@byusinger84 But the fact that pfsense may not like have multiple WANs going to the same gateway shouldn't have anything to do with the ISP not seeing the individual MACs.

How do you connect the ports towards the ISP?

I just placed a managed switch in between but I suppose any dumb switch would do. Which in fact is what the other thread had... And in both cases all the IP's are DHCP, although mine never change and my ISP needed to register the MACs...

@chpalmer said in Multiple WAN with Static IPs DHCP assigned from ISP:

This would only be true if they were trying to utilize multiWAN failover or load balancing..
1:1 NAT should work fine, which I believe is the intent here.

Ok, so then there are no other steps necessary than getting things upgraded to 10Gig...

@viragomann thank you ... greatly appreciated!

The initial configuration will be basic. Simple failover and no policy routing.

@mdonner Perhaps some pictures of your setup might help, from the Routing / Gateways and Gateway Groups pages.

Pfsense isn't really involved in traffic between devices on your LAN, so it's really strange that you would see this happening?!
Apparently you are able to access pfsense UI from a client, so do you have internet access when on the failover connection? And do the servers have internet access?

Are you using VLAN's to separate your servers from your clients??

@kashs said in Added second WAN but no traffic:

Correct. I had to remove the bridge mode and set it to DHCP in the TOM box.

Ok got it..

WAN2_5G is setup as static IP 172.16.1.2. No way to avoid double NAT but so far no issues.

For simplicity, and for further testing, I'd keep pfsense as DHCP. It really doesn't matter what IP it gets from the TMO box, and you have already created a static entry in the box based on pfsense MAC.

Here is what the traceroute shows:
7dda35d3-ecc7-4425-95f1-6c69b2e1f76a-image.png

None of these are my static IP or the ISP Gateway IP.

When you log into the TMO box, you should be able to see the settings there, for "internet". So you would see what IP and Gateway it has received from TMO. Also, entry no 5 seems to start with 72.xx which is the same as the static IP you have been given by TMO?

The static IP is correctly assigned to the WAN2_5G interface, but the WAN2_5G_GW does not get an IP. If I set it manually to the ISP GW IP, no traffice and Offline status. When I tried the static IP in the GW, it shows it as Online, but no traffic.

What Inseego router is it that you have? I did some googling and found someone having similar problems on an FX2000and all that was required would be the following.

Unplug everything on LAN side of Inseego and reboot it Set pfsense WAN2_5G back to dhcp Connect to the Inseego

https://www.reddit.com/r/tmobileisp/comments/11x7mgy/how_fx2000_in_bridge_mode_with_5g_business/

@viragomann said in Multi ISP without failover:

pfSense routes incoming traffic just to the destination IP. If the packet is destined to a LAN2 IP it will be routed to it, no matter if both LANs are defined on the same NIC or on different ones, and no matter, on which WAN NIC the packet as entered.

Ah, now I understand. Thanks :)

@viragomann
It’s a Cisco Meraki the router Site A!
But, i’m thinking now:
The traffic should be routed to 192.168.100.222, not for the gateway 192.168.100.1 (this is the router with the VPN tunnel).
In the 100.1 router have static routes for route the traffic specified throught the 100.222
Is it the same solution (change phase 2 to 0.0.0.0/24)???
Thanks again

Another thing worth mentioning is that I've tested with an old Cisco RV320 router this same setup and it worked without any issues. The only things I did on that RV320 were configure the WAN with the same parameters as the pfSense, a static route and a resolver for the FQDN of the PBX server. Hope someone can give me a hint.

I found the solution:

ProtonVPN allows alternate gateways following the format: 10.x.0.2/32
I have tested 2 through 9 (10.2.0.2/32, 10.3.0.2/32, ... 10.9.0.2/32) and they work.

Similar problem in CE2.7.2 in AGO 2024

@wojciech__
https://docs.netgate.com/pfsense/en/latest/multiwan/index.html

@frog yeah that config ;) What do you have connected to all your ports? I can not think of a sane reason to have a setup like that..

pfsense can not even ping its own interface, on pfsense? Do you have it enabled?

So you have ports 2-8 all connected to the same usw-pro? Sounds like a loop to me..

You have 2-8 all in a lagg/port channel/etherchannel/lacp - whatever unifi calls it on their end.. Did you set that up on pfsense? Why would you have all 3 of your vlans tagged on every port unless they were connected to different switches or APs, or different vm hosts?

With the info provided that setup looks wrong to me.

@kunundrum0 put your block in floating on wan outward direction.. Your prob routing through a gateway failover group. This if traffic is leaving wan 1 it would be allowed, but leaving wan 2 it would not.