Netgate Discussion Forum

    2 WANs failover not working

      costasppc

      Have you created a gateway group and set your LAN > WAN firewall rule to use that group?

      Best regards

      Kostas

        NORT

        Thank you Kostas,

        Yes, I created the gateway group and set the  for LAN firewall rule only. Do I also have to create the firewall rules for both LAN?

        Regards,

        gwgrp.PNG
        ![lan rules.PNG](/public/imported_attachments/1/lan rules.PNG)

          NORT

          I also set the floating rule

            DarkBeard

            And how long are you waiting for this redirection to work?
            It will primarily depend on the timeout of TCP sessions?
            When one of the GWs goes down, are sessions broken?

              NORT

              Thank you DarkBeard,

              Perhaps I was not waiting for the TCP sessions to time out; now it is being redirected. However, I can't ping or traceroute outside, but I can browse and navigate on the internet.
              What could be the problem with that?

              Thank you guys for your help!

                heper

                Rules 3-5 will never get triggered.

                Only the first and second rule will ever match.
                https://doc.pfsense.org/index.php/Multi-WAN#Firewall_Rules

                  NORT

                  Thank you Heper,
                  Your comment has been really helpful. However, I also want to implement the other rules further down. Now it is requiring me to put what I want to use at the top, so how can I use all of those rules further down?

                  Thank you guys for your help.

                    heper

                    @NORT:

                    Thank you Heper,
                    Your comment has been really helpful. However, I also want to implement the other rules further down. Now it is requiring me to put what I want to use at the top, so how can I use all of those rules further down?

                    why?
                    has the wiki page solved your misunderstanding about your ruleset ?

                    there is (generally) no point in creating separate/multiple failover gateway_groups (like failover1_2 / failover2_1); especially so, when trying to match the same traffic.
                    that's like stopping at a crossroads with road signs pointing left saying 'texas' / pointing right saying 'texas'

                      NORT

                      yes the wiki link gave me an insight!

                      However, if WAN1 fails it redirects to WAN2, but when WAN1 is back the traffic remains on WAN2, and if WAN2 also fails it is not able to redirect to WAN1 because there is no failover2 ("That's what I think").

                      I also need to load-balance.

                      I am always grateful for your answers!

                        heper

                        @NORT:

                        yes the wiki link gave me an insight!

                        However, if WAN1 fails it redirects to WAN2, but when WAN1 is back the traffic remains on WAN2, and if WAN2 also fails it is not able to redirect to WAN1 because there is no failover2 ("That's what I think").

                        only open sessions will remain on WAN2, new sessions will/should go over WAN1 when it gets back online.

                        @NORT:

                        I also need to load-balance.

                        if you need load balancing (=identical tiers), then you shouldn't use failover groups (=differing tiers) in the first place …..

                          NORT

                          What a joy! Now the failover is working properly. I didn't know that when WAN 1 is back, the new session will be updated. Thanks again, Heper!

                          Now the load-balancing:

                          If I put the load-balancing rule (same tier) under failover1, which is above, in the 2nd place, is it really triggered?

                          rules.PNG

                            heper

                            no …. it won't get triggered......

                            just remove the 'adsllinkfailover1' rule & only use the 'wanloadbalancer' rule

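The two points made in the replies above (top-down, first-match rule evaluation, and gateway-group tiers deciding between failover and load balancing) as an added example that is not part of the original thread and is not pfSense code. It is a simplified Python model; the rule fields, the `LAN net` source and the tier numbers are constructed for illustration, and only the rule and gateway names come from the posts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str    # rule description, here the gateway group it routes to
    src: str     # "any" matches everything
    dst: str
    proto: str

def covers(earlier, later):
    """True if `earlier` matches every packet `later` matches (simplified model)."""
    pairs = ((earlier.src, later.src), (earlier.dst, later.dst),
             (earlier.proto, later.proto))
    return all(a in ("any", b) for a, b in pairs)

def shadowed(rules):
    """Names of rules that can never fire under top-down, first-match evaluation."""
    return [r.name for i, r in enumerate(rules)
            if any(covers(e, r) for e in rules[:i])]

def active_gateways(group, online):
    """group maps gateway -> tier; the lowest-numbered tier with an online member wins."""
    up = {gw: tier for gw, tier in group.items() if gw in online}
    if not up:
        return []
    best = min(up.values())
    return sorted(gw for gw, tier in up.items() if tier == best)

# Constructed sample data; only the names come from the thread.
RULES = [
    Rule("adsllinkfailover1", "LAN net", "any", "any"),
    Rule("wanloadbalancer", "LAN net", "any", "any"),
]
FAILOVER = {"WAN1": 1, "WAN2": 2}   # different tiers -> failover
BALANCE = {"WAN1": 1, "WAN2": 1}    # identical tiers -> load balancing

if __name__ == "__main__":
    print("never matched:", shadowed(RULES))
    for online in ({"WAN1", "WAN2"}, {"WAN2"}, {"WAN1"}):
        print(sorted(online),
              "failover ->", active_gateways(FAILOVER, online),
              "| balance ->", active_gateways(BALANCE, online))
```
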
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.