Dual WAN Setup on XG-7100

Rico

You need to separate your switch Port(s) first: https://www.netgate.com/resources/videos/configuring-netgate-appliance-integrated-switches-on-pfsense-244.html

After that it is the default pfSense MultiWAN Configuration:
https://www.netgate.com/docs/pfsense/routing/multi-wan.html
https://www.netgate.com/docs/pfsense/book/multiwan/index.html
https://www.netgate.com/resources/videos/multi-wan-on-pfsense-23.html

-Rico

bartekmao

@rico thanks a lot!

wintok

I have the same problem as well. I tried dual wan being wan (default 4090) as the first wan connection, and for the second wan I created another vlan 4092 and assigned port members 2,9t,10t, and removed port 2 from vlan 4091.
Then enabled the interface , setup rules, add gateway groups. and it did not work. The second wan connection is offline ..not sure why ... see my configs below

any suggestions ?

stephenw10

What we can see looks correct. We don't see the vlan 4092 interface setup.

The gateway IP (which looks like a private IP that doesn't need to be obscured) might not respond to pings. Can you ping out to some public IP choosing that WAN as source?

Steve

wintok

Thanks stephew10 for your reply. Now that I manually set it the Monitro IP for second wan connection (ocean link) the status is still offline while RTT, RTTsd , and Loss values some activities going on.

For the second WAN connection my ISP has assigned me private , and I already made request for my truly public IP.

So having the true public will solve the issue ?

Rico

Show your WAN Interface configuration via screenshots.

-Rico

stephenw10

What is the Oceanlink WAN, what tyep of connection. You are showing zero packet loss but 650ms lattency.

If it's some sort of wireless link you might just need to tune the monitoring parameters to match it.

Steve

wintok

It is a wireless link to our ISP here , about 100 meters away from our office. I think there is another issue , ISP block ICMP protocol , and the ping to the oceanlink gateway blocked , and I asked them last yesterday to allow ping and they did. I checked this morning in pfsense Status->Gateways and there were both online. The 650 ms latency is our normal internet speed from both ISPs here, very slow but we have no choice.

Now that both gateways are online I tested to see if load balance worked by disabling the other gateway (ATHKL) and it did'n work. There are no internet at all. Pfsense did realize that one gateway has gone and jumped to Oceanlink but no internet access.

stephenw10

If 650ms is normal for that link then tune the latency values for dpinger by editing the gateway. That way it will only throw an alarm if latency rises unexpectedly high.

How are you using the load-balance gateway? Let's see the rules where that is set.

Steve

wintok

I use load balance
Floating rules below

Gateway status

wintok

Hi naalpv

The link did not work. I wonder how you actually did it. Can you fix the link so we can see what configurations you made

wintok

First Wan connection configurations (default 4090)

Second WAN connection

stephenw10

What it that floating rule applied to?

wintok

floating rules applies to Lan + other vlans created. Beside the floating rules I also set each vlans to use groupgateway instead of the default.

see below for one of the vlans I created

stephenw10

Hmm, that floating rule cannot be applied correctly. There are no states and no traffic recorded against it. Instead evetything is hitting the rule on the interface.
However that should work for load-balancing as long as clients are using some DNS server other than Unbound in pfSense.

Does it load-balance correct when both WANs are up?

Steve

wintok

@stephenw10 Are you suggesting to force vlans to use Unbound (pfsense) as the primary DNS and block outside DNS request ?

stephenw10

No. I'm saying that if you were doing that then Unbound itself always uses the system default route which will not failover.
But since you're not doing that it shouldn't be a problem.

I think you need to confirm both WANs are in fact working. Make sure you can ping out of both from Diag > Ping.

Set a policy route for just WAN2 for one test client IP in LAN and make sure that can still get out and is in fact using WAN2.

Steve

wintok

@ragnarXYZ

Hi
did you manage to setup dual WAN on XG-7100 ? I have not been able to do dual wan setup and I'm about to throw away my new xg-7100 box and switch back to dell server which have 5 physical interfaces since it is my easier to do on it than XG-7100.

If you did can you kindly share your knowledge on this ?

I try this link and it brings me to another side ...

http://naalpv.tk/memo/2018/08/24/pfsense-configuration-dual-wan-avec-xg-7100

stephenw10

Ragnar has not logged in since Aug 2018 so I think you may be waiting a while!

What part are you stuck on? What's not working?

Did you get the gateway monitoring tuned so both gateways show as on-line?

The XG-7100 part of the config you already had correct. It was the gateway failover part that was working. It would be no better on other harwdare.

Steve

ragnar00

Hey! Sorry for not logging in for so long... :) @wintok and @stephenw10

So, yes I did get this running. I had 1gb up/down fiber and 1 gb/40mb up/down cable with failover running.

I've since (sadly) got rid of the cable line so I no longer have 2 WAN connections, however I'm pretty sure that I did not change the config. If you need updates @wintok I'll get some updated screenshots and post them. LMK