Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Minimizing data use on failover gateway

    Routing and Multi WAN
    2
    3
    578
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      Ximulate
      last edited by

      pfSense V2.4.4p2
      Primary WAN gateway is a cable modem
      Failover WAN gateway is a Netgear LB2120 LTE modem

      For the failover WAN, we're using a "pay per 100 megabyte" service, so I'd like to minimize the amount of data sent over this connection. In the pfSense documention, there is an example of how to configure the firewall so that only select devices can use the failover WAN. I think I have all this set-up correctly, but I'm still getting some data going over the fail-over WAN when primary WAN appears to be OK. In the firewall, I've created an alias for devices that can use the failover WAN. For testing, I set the alias to an unused LAN IP address. However, the cell service still reports data being used. I'm just not sure how to figure-out why. Screenshots below. Any advice or suggestions?

      Primary Gateway:
      c147e3c8-b467-428a-afc0-9a40e40002d8-image.png

      Failover Gateway:
      a9f3a7a4-8a40-4758-b796-fb5782e33742-image.png

      Gateway Group:
      e8618349-f106-42a3-a63c-7874c7eaccf9-image.png

      Primary LAN (VLAN80 is similar):
      f6a186d7-2f87-4024-89cb-9043ba9102df-image.png

      X 1 Reply Last reply Reply Quote 0
      • X
        Ximulate @Ximulate
        last edited by

        Just to clarify, my objective here is to avoid using cellular data at all unless the cable modem is 100% down. I've tried several things to isolate where the data leak is coming from, but still not sure.

        1. Changed devFailover alias (devices allowed to use the failover WAN gateway) to an unsed IP
        2. Disabled the firewall rule allowing failover devices to leave the LAN
        3. Marked the failover gateway as down

        In these cases, my cellular service stats webpage indicates a small amount of data was used. Next, I physically removed the ethernet cable connecting the pfSense router to the cellular modem. The cellular modem is still on. So far, the cellular service stats indicate no data usage. This tell me that the router is leaking data out of the failover WAN. At this point, am am not sure how.

        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          There will always be traffic from gateway monitoring (two pings per second by default) unless it is disabled. If it is disabled you will have to do without knowing if that gateway is up or down.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.