@marl_scot
The networks on different interfaces must not overlapping.
And I don't know any router which is capable to route with that settings.
Maybe the ISP can give some recommendations.

Two IPs within the same subnet with the same gateway is not a real failover set up for my understanding.

If the ISP refuses to change one of the subnets your only one option might be to put a router between the ISP and pfSense and nat the traffic to a different subnet.

@luckyh_de said in Multi-WAN with Backup down:

So i have to prevent any Packet to the LTE-router AS Long as primary ist okay

Hi,

The failover mechanism does not allow this, you definitely need something that, which tells the firewall that the connections are alive
(minimum GW pinger ICMP traffic)

@wblanton please give this a try: https://github.com/luckman212/wgfix and report back.

@yacud With failover and multiple tiers, it will use the Tier1 gateways until it meets the criteria of a failure (specified packet loss or latency).

Then it will route all traffic on the Tier2 gateway until Tier1 gateway is back within acceptable limits.

If you want to load balance you could set multiple gateways as Tier1 and it will split traffic between them, you can set a "weight" in the gateway options to have it balance the traffic unevenly (e.g. put 2x as much on WAN1 vs WAN2)

As far as I know, there is no way for it to know what the maximum throughput of your link is - just trying to split it evenly if you want load balancing.

The best way to do an HA deployment is it invest in the gear necessary to build it correctly. Bridging like that is generally incompatible with pfSense HA.

https://docs.netgate.com/pfsense/en/latest/highavailability/layer-2-redundancy.html

It can depend on the switch/router on the other end of the cable. For instance with Comcast routers often when replacing a router in an office (inside the Comcast router) I've found it's fastest to power off or reboot the Comcast router so it learns the IP has a new MAC. If you have the second router on, and are just plugging in cables, I would wonder if restarting the second router (or just leaving it off and powering it on) would help.

But overall CARP set up properly works basically instantly so that would be preferred. https://docs.netgate.com/pfsense/en/latest/book/highavailability/index.html

Добрый

В закладки https://docs.netgate.com/pfsense/en/latest/ Раздел "Routing and Multi-WAN"
И не забывайте на пф в General добавить явно каждому WAN-у по ДНС. Это важно.

на PfSense недавно, в этой сфере разбираюсь не очень хорошо

Коллеги.
Давайте не начинать каждый 2-й пост с "нытья" (
Как на вокзале, чес. слово, "Деньги украли, не могу 3-й год до Воронежа доехать, спасите-помогите". Просто пишите ТЗ. Этого достаточно.

Got it all up and running thanks! Eddie

Thank you @jimp

That helps clarify quite a bit. There really isn't much available about the "Skip Rules" setting.

Based on the documentation, your answers are what I expected, but I wanted to be sure.

Thanks again,
Josh