Issue with Dual-WAN failover prevention
-
I need to run my SG-3100 Dual-WAN without failover. I'd take failover if failback worked, but I digress... I read that failover can occur unless you check "Do not create rules when gateway is down" in System/Advanced/Miscellaneous. I experimented with this option and discovered that when the ISP on port OPT1 is disconnected, none of the nodes on VLANs using OPT1 as a gateway can ping the SG-3100 or access its WebUI. These nodes have proper IP addresses. The nodes on VLANs using port WAN as a gateway do not experience this SG-3100 access issue during this time.
Is this expected? Is it correct behavior?
-
I'm using the SG-3100 for some Sites with Dual WAN Failover and some with 3-WAN or even 4-WAN Failover, and Failback works as expected.
What exactly is not working for you?
-Rico
-
Sorry. When I disconnect the cable to OPT1 (connected to the modem of my second ISP), none of the VLANs gatewayed to OPT1 can access pfSense.
-
Do you Policy Route?
You need to bypass policy routing for other local interfaces. Make a Rule above your policy routing Rule to hit your local networks.
See https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html (Bypassing Policy Routing)
-Rico
-
I do. I needed to add an early rule that passes traffic destined for This Firewall. With that, all is good.
Thank you.