Firewalling or otherwise restricting some traffic to backup WAN
-
I have a pair of WAN interfaces - WAN_Zen (PPPoE link over Fibre) and WAN_LTE (Netgear LM1200 box over LTE), along with their associated gateways, and then a gateway group (WAN_Zen tier 1, WAN_LTE tier 2), with that group set as the default gateway. This all works well...
I also have some nightly backup jobs that push a batch of data to Backblaze. When the WANs are in failover mode (WAN_Zen down, all traffic to WAN_LTE) I would like this backup traffic to not be sent over WAN_LTE.
I have an alias with all the Backblaze endpoint networks in it, and I have tried setting up firewall rules on the LAN interface: LAN network to Backblaze, TCP, via the WAN_Zen gateway, followed by an almost identical rule not via the gateway and with a REJECT target.
However, this is not working as I expected...
So could someone please give me a clue how to achieve the effect I want?
Thanks
Nigel.
-
@nmeth
Create a second gateway group with inverted priorities and policy route the traffic to it.
-
@nmeth Of course, I have now found the answer myself...
I did not have the "Skip rules when gateway is down" checkbox checked in the Advanced/Miscellaneous/Gateway Monitoring settings.
Information is at https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#skip-rules-when-gateway-is-down
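To make the behaviour behind that setting concrete, here is an added model (not pfSense code, and not from either poster) of how the LAN ruleset from the original post is loaded and evaluated when the WAN_Zen gateway is down. It follows the two behaviours the linked Netgate page describes: by default a rule whose policy-routing gateway is down is still created but without the gateway, so matching traffic follows the default route (the failover group, i.e. WAN_LTE during failover); with "Skip rules when gateway is down" enabled, the rule is omitted entirely and the following REJECT rule gets a chance to match. The networks used for the Backblaze alias and the LAN are constructed RFC 5737 documentation ranges, and the helper names are this example's own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample networks (RFC 5737 documentation ranges); the real
# Backblaze alias from the thread is not reproduced here.
LAN_NET = ip_network("192.168.1.0/24")
BACKBLAZE_ALIAS = (ip_network("203.0.113.0/24"), ip_network("198.51.100.0/25"))
ANY = (ip_network("0.0.0.0/0"),)

# Failover group from the thread: WAN_Zen tier 1, WAN_LTE tier 2.
GATEWAY_GROUP = ("WAN_Zen", "WAN_LTE")


@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "reject"
    dsts: tuple                    # destination networks (an alias)
    gateway: Optional[str] = None  # policy-route gateway; None = default route


def active_group_gateway(gateway_states):
    """First gateway of the failover group that is up, in tier order."""
    for gw in GATEWAY_GROUP:
        if gateway_states.get(gw, False):
            return gw
    return None


def load_rules(rules, gateway_states, skip_when_down):
    """Mimic the filter reload: decide what happens to each rule whose
    policy-routing gateway is currently down (modelled behaviour, per the docs)."""
    loaded = []
    for rule in rules:
        if rule.gateway is None or gateway_states.get(rule.gateway, False):
            loaded.append(rule)
        elif skip_when_down:
            continue  # "Skip rules when gateway is down": omit the rule entirely
        else:
            # Default: keep the rule but strip the gateway, so it still matches
            # and sends the traffic down the default route.
            loaded.append(Rule(rule.action, rule.dsts, None))
    return loaded


def evaluate(loaded_rules, dst, gateway_states):
    """First-match evaluation of the LAN rules for one destination address.
    Returns (action, egress gateway); egress is None when traffic is rejected."""
    addr = ip_address(dst)
    for rule in loaded_rules:
        if any(addr in net for net in rule.dsts):
            if rule.action != "pass":
                return (rule.action, None)
            return ("pass", rule.gateway or active_group_gateway(gateway_states))
    return ("reject", None)  # implicit default deny


# The ruleset from the original post: Backblaze via WAN_Zen, then reject
# Backblaze, then the usual allow-anything LAN rule.
LAN_RULES = (
    Rule("pass", BACKBLAZE_ALIAS, gateway="WAN_Zen"),
    Rule("reject", BACKBLAZE_ALIAS),
    Rule("pass", ANY),
)


def backup_egress(skip_when_down, zen_up=True, dst="203.0.113.10"):
    """Where LAN traffic to `dst` ends up with WAN_Zen up or down."""
    states = {"WAN_Zen": zen_up, "WAN_LTE": True}
    loaded = load_rules(LAN_RULES, states, skip_when_down)
    return evaluate(loaded, dst, states)


if __name__ == "__main__":
    for skip in (False, True):
        print(f"skip_when_down={skip}: "
              f"normal={backup_egress(skip)}, "
              f"failover={backup_egress(skip, zen_up=False)}, "
              f"other traffic in failover={backup_egress(skip, zen_up=False, dst='192.0.2.7')}")
```

With the setting off, the failover case shows the backup traffic passing out over WAN_LTE, because the stripped pass rule still matches before the REJECT rule is ever reached; with the setting on, the pass rule disappears and the REJECT rule blocks the backup while ordinary LAN traffic still fails over to WAN_LTE through the catch-all rule.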