Issue with Dual-WAN failover prevention
-
I need to run my SG-3100 Dual-WAN without failover. I'd take failover if failback worked but I digress... I read that failover can occur unless you check "Do not create rules when gateway is down" in System/Advanced/Miscellaneous. I experimented with this option and discovered when the ISP on port OPT1 is disconnected, none of the nodes on VLANs using OPT1 as a gateway can ping the SG-3100, or accesses its WebUI. These nodes have proper IP addresses. The nodes on VLANs using port WAN as a gateway do not experience this SG-3100 access issue during this time.
Is this expected? Is it correct behavior?
-
I'm using the SG-3100 for some Sites with Dual WAN Failover and some with 3-WAN or even 4-WAN Failover and Failback works as expected.
What exactly is not working for you?-Rico
-
Sorry. When I disconnect the cable to OPT1 (connected to the modem of my second ISP), none of the VLANs gatewayed to OPT1 can access pfSense.
-
Do you Policy Route?
You need to bypass policy routing for other local interfaces. Make a Rule above your policy routing Rule to hit your local networks.
See https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html (Bypassing Policy Routing)-Rico
-
I do. I needed to add an early rule that passes traffic destined for This Firewall. With that, all is good.
Thank you.
