Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing through a gateway that is down, bypassing policy routing

    Routing and Multi WAN
    2
    3
    446
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfpv
      last edited by

      I have a multi-WAN/gateway setup with failover. We had a major provider outage yesterday, so the backup WAN/gateway is in use with the preferred gateway down. The provider started to restore services and some networks are beginning to be reachable but some are still unreachable. The IP I use to monitor the gateway is still not pingable, so the gateway stays down. But by doing ping and traceroute from the Diagnostics tools I can see that some outside IPs are reachable already.

      I wanted to investigate more what's reachable and what's not from a PC on my LAN. It's cumbersome to do from pfSense and easier from a PC. I thought maybe the IP I use for monitoring stopped responding to pings forever. I created a typical LAN rule to bypass policy routing as described here: https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html and as I did many times before when I wanted to connect through my secondary gateway when the primary was still up. I set Interface to LAN, Source - an LAN IP of this specific PC, Destination - any, and Gateway - that primary gateway that is considered down by pfSense but it's not completely down as I described above.

      And it didn't work. I was routed through a backup gateway. I read more from the above link and it seems it's not possible to route through a gateway that is considered down by pfSense. The link above states "If that gateway is down, the rule will act as if the gateway was not set at all." There is a paragraph there "Enforcing Gateway Use". But it it boils down to blocking all traffic is that gateway is considered down by pfSense.

      Is there any way to route traffic through a gateway that is considered down by pfSense by in reality it's only "partially" down?

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @pfpv
        last edited by

        @pfpv said in Routing through a gateway that is down, bypassing policy routing:

        Is there any way to route traffic through a gateway that is considered down by pfSense by in reality it's only "partially" down?

        You can tell pfsense to consider that gateway up by disable monitoring

        monitoring.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        P 1 Reply Last reply Reply Quote 0
        • P
          pfpv @johnpoz
          last edited by

          @johnpoz said in Routing through a gateway that is down, bypassing policy routing:

          You can tell pfsense to consider that gateway up by disable monitoring

          Thanks. But I don't want to do that because that gateway will be operational and become primary. But the service is only partially restored.

          I guess the other way would be to assign Tier 1 to the backup gateway and Tier 2 to this one and disable monitoring as you suggested. But I thought there might be a way to force routing through a gateway that is down. I guess it goes against the logic.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.