Dual Internet Failover Questions

viragomann

@jonathank said in Dual Internet Failover Questions:

Not only that, on my internal LAN when the cable internet drops out, I cannot get my pfSense box to load. I'm not sure if it completely locks up, if it's a DNS issue, or what.

This behavior is at least not normal.

Do you access pfSense by the IP or the host name?

Can you ping it?

What's to see in the system log, when the issue occurs?

Do you monitor both connections?
What are the monitoring IPs?

stephenw10

How is your DNS routing set up?

What is the pfSense default gateway set to?

jonathank

@viragomann said in Dual Internet Failover Questions:

@jonathank said in Dual Internet Failover Questions:

Not only that, on my internal LAN when the cable internet drops out, I cannot get my pfSense box to load. I'm not sure if it completely locks up, if it's a DNS issue, or what.

This behavior is at least not normal.

Do you access pfSense by the IP or the host name?

Can you ping it?

What's to see in the system log, when the issue occurs?

Do you monitor both connections?
What are the monitoring IPs?

So the internet glitched again (I'm in an area recently affected by Hurricane). This time I was able to reach my pfSense box. But this is at least the 2nd time this happened where when the internet glitched I couldn't reach pfSense. I'm using IP address.

What should I be looking for in the system log?

I'm not sure what you mean by monitoring both connections.

jonathank

@viragomann said in Dual Internet Failover Questions:

@jonathank said in Dual Internet Failover Questions:

Not only that, on my internal LAN when the cable internet drops out, I cannot get my pfSense box to load. I'm not sure if it completely locks up, if it's a DNS issue, or what.

This behavior is at least not normal.

Do you access pfSense by the IP or the host name?

Can you ping it?

What's to see in the system log, when the issue occurs?

Do you monitor both connections?
What are the monitoring IPs?

Primary internet dropped out again. I had been able to reach pfSense but it suddenly stopped responding. I tried pinging the IP address and no reply either.

jonathank

@jonathank said in Dual Internet Failover Questions:

@viragomann said in Dual Internet Failover Questions:

@jonathank said in Dual Internet Failover Questions:

Not only that, on my internal LAN when the cable internet drops out, I cannot get my pfSense box to load. I'm not sure if it completely locks up, if it's a DNS issue, or what.

This behavior is at least not normal.

Do you access pfSense by the IP or the host name?

Can you ping it?

What's to see in the system log, when the issue occurs?

Do you monitor both connections?
What are the monitoring IPs?

Primary internet dropped out again. I had been able to reach pfSense but it suddenly stopped responding. I tried pinging the IP address and no reply either.

Nevermind the part about pfSense not being able to connect. I now see my laptop swtiched over to the cell phone connection's wifi. So that's probably why I couldn't reach pfSense.

If you do have any suggestions as to what to check to see why the mission critical network stops during an primary outage I would appreciate it

jonathank

@stephenw10
Default gateway is the cable internet gateway? Should that be automatic?

(My fear with automatic is that the latency on the cell connection is much worse than the cable connection. So I don't want it trying to use the cell data for the non-mission critical side of the network)

stephenw10

It should probably be a failover group. Otherwise pfSense itself has no route when the cable goes down and that might include DNS queries.

viragomann

Note, that you can create multiple failover groups and use them for different purposes.

E.g.
GWGr1: WAN1 = Tier 1, WAN2 = Tier 2
GWGr2: WAN1 = Tier 2, WAN2 = Tier 1

jonathank

@viragomann @stephenw10
Thank you both for the replies. I will give your suggestions a try. Do either of you know once a Gateway Group fails over to the backup connection, how do I get it to jump back to the primary connection when it comes back online? Originally I had setup my gateway group to have the cell phone connection to only be a backup. But I found that pfSense wasn't ever switching back to the primary connection unless I unplugged the network cable from the cell phone modem to force it to fail back to the cable connection. Is there a way I can switch it via software? or even better, is there a way to make pfSense automatically switch back to the primary connection once it's working again?

Also, why would the lack of a cable internet connection (when my default gateway group was set to just be the cable connection) affect an internal IP address? I don't understand why the pfSense DHCP server would stop routing internal network traffic due to the loss of an external network connection. Any ideas? It just strikes me as strange... (I'm using the Trigger Level: Packet Loss or High Latency on the failover gateway group)

stephenw10

Its probably stuck waiting for something to timeout either because it has no default route or because it has no DNS available.

Another possibility is that the cable modem starts handing out it's own leases, that conflict with the LAN, if it loses sync on the upstream cable.

jonathank

@stephenw10
okay - thanks. I've updated the default gateway to be a new gateway group that prioritizes cable over cell phone but has the cell phone in tier 2. I'll see what that does the next time the cable connection fails.

Thanks for all the help!