Multi firewall static route failover.

Peter Nunn

Hi Guys,

I'm pretty now to pfsense and want to know if its possible to do the following.

I have two linux firewalls with ipsec tunnels, both connected to a clients network to access their private lan. They
are both passing the same subnet traffic happily.

What I need to do is hook up a pfsense gateway behind them that can failover the route to either of these firewalls if one or the other goes down.

I see here that this can be done reasonably easily for multiple WAN interfaces, but this isn't quite that use case as the wan interface is actually straight out of the pfsense gateway.

They say a picture is worth a 1000 words..

I hope that makes sense..

Can this be done? If I was using a Linux box rather than pfsense for the client gateway (for want of a better name) I have a script that can change the routing for me... and it looks as though pfsense can do this for a WAN interface, but can it be be done for any other sort of route?

If it makes any difference, there is only one /24 that needs to go across the OPT network interface.

Thanks heaps.

Peter.

netblues

@Peter-Nunn Yes, it can.
You will use two interfaces, not just one opt
Pf in multiwan can have as many interfaces as needed.
You don't need nat here.
Create a failover group with the two opt(wan) interfaces and use policy routing to send traffic there.

Peter Nunn

Thanks @netblues. I only know what half of those words mean but I'll do some digging and see what I can work out. :)

Thanks for the input. Knowing it can be done is a great start.

Peter.

netblues

@Peter-Nunn Well, this is a high level description.
You need to understand how multiwan works and adapt it to your specific needs.
Questions are welcome