Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED]pfsense 2.3.3-RELEASE-p1 - Failover - It works only if Router power off

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    3 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sheshman Banned
      last edited by

      Hi All,

      My system details as below;

      LAN : 192.168.1.1
      WAN-1 : 192.168.10.1 (20 Mbps Fiber)
      WAN-2 : 192.168.20.1 (3 Mbps Fiber)

      My Failower Configuration Steps ;

      1-) System->Routing->Gateway Groups->Add
      2-) Group Name  : WAN1-to-WAN2_Failover
      3-) WAN-1->TIER 1 + WAN-2->TIER 2
      4-) Trigger Level : Packet Loss or High Latency
      5-) Description : WAN1-to-WAN2_Failover
      6-) System->Advanced->Miscellaneous->Enable default gateway switching (Checked)
      7-) Firewall->LAN->Gateway->WAN1-to-WAN2_Failover
      8-) APPLY

      With above configuration, when i power off WAN-1's router then system realise GW1 is offline and diverting traffic to GW2(WAN-2's router) in seconds, but if i don't power off the GW1(WAN-1's router) and GW1 loses it's internet connection (i'm simply plugging off the Fiber cable from Router) then my failover configuration is not working, on the dashboard it says GW1 is Online and not swtiching to GW2.

      Am i missing something ?

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        If the upstream device is in "router" mode (you have a private "local" subnet between pfSense WAN and the router) then by default the pfSense WAN will be monitoring the local address on the upstream device. That address will still respond, so pfSense thinks that the link is working, when actually just the cable from pfSense WAN to the upstream device is working.

        Edit the gateway on each WAN and choose an alternate monitor IP - something that pfSense should be able to ping upstream. e.g. some reliable fixed address at the ISP, or Google 8.8.8.8 8.8.4.4 etc that will indicate that the "internet" is available.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • S
          sheshman Banned
          last edited by

          @phil.davis:

          If the upstream device is in "router" mode (you have a private "local" subnet between pfSense WAN and the router) then by default the pfSense WAN will be monitoring the local address on the upstream device. That address will still respond, so pfSense thinks that the link is working, when actually just the cable from pfSense WAN to the upstream device is working.

          Edit the gateway on each WAN and choose an alternate monitor IP - something that pfSense should be able to ping upstream. e.g. some reliable fixed address at the ISP, or Google 8.8.8.8 8.8.4.4 etc that will indicate that the "internet" is available.

          Yeap monitoring ip is the key, now when i plug off the fiber cable from router it's switching to WAN-2 in 5 seconds, once more thanks phil :)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.