Multi Wan sending packets through ungrouped gateway
-
Hello,
I am having an issue setting up failover for a client. They have 2 different ISPs coming into the building, and I have both of the interfaces set in a group, with one on tier 1, and another on tier 2. We also have a gateway that is located on the LAN that is used to direct traffic through a VPN tunnel, but is only meant to be used with one website, so static routes have been set on pfSense.
To explain better:
-WAN1-ISP1
-WAN2-ISP2
-LANGW-LAN-only gateway for specific site
pfSense is the only router in place, directly connected to everything. When WAN1 goes down, instead of failing over to WAN2, pfSense sets LANGW as the primary route for all traffic, causing everything to fail. LANGW isn't part of any failover groups. The router has been reset multiple times with the same effect.
Also if I manually set WAN2 as the default route, it works, and all traffic flows, so it isn't an issue with WAN2 not responding.
Attached are the images of my setup. If anyone could help me that would be amazing.
-
Ensure that your LAN to WAN firewall rules set your failover group as the gateway, otherwise it will not get used at all.
-
And it sounds like you have default gateway switching enabled; that would be why default traffic is failing over to some other gateway, in this instance the gateway on LAN. The LANGW should just be a gateway; it should not also be selected as the gateway for the LAN interface (on Interfaces->LAN). If the LAN interface config has a gateway specified, then the system will consider that a possible general way out to "the internet" and may use it when default gateway switching is enabled.