Manage failover modem in Multi-WAN setup
-
I'm planning to add a secondary LTE WAN as backup for a primary fiber WAN in failover mode via a Gateway Group. pfSense will be behind the LTE modem/router on a dedicated subnet, say 192.168.90.1 for the LTE modem router and 192.168.90.2 for pfSense.
While the primary connection is active, will I be able to access the management interface on the LTE modem/router from the pfSense's LAN-side networks (possibly with a static route for 192.168.90.1/24 pointing at the LTE WAN interface, so that traffic to 192.168.90.1 always routes through that interface, and assuming appropriate firewall rules)? Put differently, can any traffic be routed through the failover WAN interface while the primary is active?
Thx.
-
@marcg said in Manage failover modem in Multi-WAN setup:
While the primary connection is active, will I be able to access the management interface on the LTE modem/router from the pfSense's LAN-side networks
Yes, this will be possible without any special settings.
All it needs is that pfSense is the default gateway on your LAN device, which might be given anyway. The only thing to consider is if you create policy routing rules pointing to the other gateway, to exclude this destination. But this point applies also to other local subnets in general, which you have to exclude from the rule.
can any traffic be routed through the failover WAN interface while the primary is active?
You can do this with Policy Routing rules.
But keep in mind that policy routing forces all matching traffic to the stated gateway. This means, if such a rule matches traffic which is destined to local devices, access will fail.
So you have to either configure the rule in a way so that it doesn't match (e.g. RFC 1918 alias for the destination with 'invert match' checked), or you put a pass rule for allowing access to local destinations above it.
-
@viragomann thank you ... greatly appreciated!
The initial configuration will be basic. Simple failover and no policy routing.
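-
Added example, not part of the thread and not pfSense code: a simplified Python model of first-match rule evaluation showing why a catch-all policy routing rule breaks access to the LTE modem at 192.168.90.1, and how the two fixes from the answer above (invert-match on an RFC 1918 alias, or a pass rule above the policy rule) restore it. The LAN subnets and the names WAN_FIBER, WAN_LTE, LAN and OPT1 are assumptions; only the 192.168.90.0/24 LTE subnet comes from the thread.

```python
import ipaddress

# Constructed addressing: only the LTE subnet is from the thread, the rest is assumed.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CONNECTED = {  # directly connected networks -> egress interface
    ipaddress.ip_network("192.168.1.0/24"): "LAN",
    ipaddress.ip_network("192.168.20.0/24"): "OPT1",
    ipaddress.ip_network("192.168.90.0/24"): "WAN_LTE",
}
DEFAULT_GW = "WAN_FIBER"  # primary gateway while it is up


def is_private(ip):
    return any(ip in net for net in RFC1918)


def route_table(ip):
    """Normal routing: connected networks first, otherwise the default gateway."""
    for net, iface in CONNECTED.items():
        if ip in net:
            return iface
    return DEFAULT_GW


def evaluate(rules, dst):
    """First matching rule wins; a rule with a gateway overrides the routing table."""
    ip = ipaddress.ip_address(dst)
    for rule in rules:
        hit = is_private(ip) if rule["dst"] == "rfc1918" else True
        if rule.get("invert"):
            hit = not hit
        if hit:
            return rule.get("gateway") or route_table(ip)
    return "blocked"  # default deny when nothing matches


# Policy rule that matches everything, including the modem's subnet.
BROKEN = [{"dst": "any", "gateway": "WAN_FIBER"}]
# Fix 1: invert-match on an RFC 1918 alias, with an ordinary pass rule below it.
INVERTED = [{"dst": "rfc1918", "invert": True, "gateway": "WAN_FIBER"}, {"dst": "any"}]
# Fix 2: pass rule for local destinations placed above the policy rule.
PASS_ABOVE = [{"dst": "rfc1918"}, {"dst": "any", "gateway": "WAN_FIBER"}]

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("inverted", INVERTED), ("pass-above", PASS_ABOVE)):
        for dst in ("192.168.90.1", "192.168.20.5", "8.8.8.8"):
            print(f"{name:10} {dst:14} -> {evaluate(rules, dst)}")
```

With the inverted rule alone and no pass rule below it, local destinations match nothing and fall to the default deny, so one of the two rule layouts has to be complete.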