Dual WAN and Single LAN Failover - Firewall Rule not engaging?

joedr

All,

I have the following setup: WAN1, WAN2 & LAN using Load Balance and FailOver as shown below.

The situation I am having is that if I disconnect either of the WAN connectors and the gateway its marked as offline…. The firewall rule been used is still the LoadBalancer one. In essence, the other two rules in the firewall will never log traffic as shown on the second attachment (The LAN Firewall Rules Screenshot).

If I understand this correctly, if I unplug one WAN.... then the appropriate firewall rule for FailOver should be used. Am I correct on that assumption?

I did a test by disabling the the Failover Rules and unplugged one and then the other. The system used the available WAN for no interruption on both cases. Do I need the FailOver rules on the FW? I am not sure if I configured the LoadBalancer and FailOver correctly.

Please let me know what other info or screenshots are needed to ensure it is done correctly.

Thanks in advance!

![Screen Shot 2016-09-05 at 12.55.50 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.55.50 PM.png_thumb)
![Screen Shot 2016-09-05 at 12.55.50 PM.png](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.55.50 PM.png)
![Screen Shot 2016-09-05 at 12.56.30 PM.png](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.56.30 PM.png)
![Screen Shot 2016-09-05 at 12.56.30 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.56.30 PM.png_thumb)
![Screen Shot 2016-09-05 at 12.57.11 PM.png](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.57.11 PM.png)
![Screen Shot 2016-09-05 at 12.57.11 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.57.11 PM.png_thumb)
![Screen Shot 2016-09-05 at 12.57.51 PM.png](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.57.51 PM.png)
![Screen Shot 2016-09-05 at 12.57.51 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.57.51 PM.png_thumb)
![Screen Shot 2016-09-05 at 12.58.09 PM.png](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.58.09 PM.png)
![Screen Shot 2016-09-05 at 12.58.09 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.58.09 PM.png_thumb)
![Screen Shot 2016-09-05 at 12.58.27 PM.png](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.58.27 PM.png)
![Screen Shot 2016-09-05 at 12.58.27 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-09-05 at 12.58.27 PM.png_thumb)

joedr

Here is a screenshot of both rules disabled.

![Screen Shot 2016-09-05 at 2.47.56 PM.png](/public/imported_attachments/1/Screen Shot 2016-09-05 at 2.47.56 PM.png)
![Screen Shot 2016-09-05 at 2.47.56 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-09-05 at 2.47.56 PM.png_thumb)

heper

thats what its supposed todo ; traffic will 'always' match the loadbalancing rule, theres no reason for it to flow down to the other rules

you seem to be misunderstanding how firewall rules work in pfSense.
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
https://doc.pfsense.org/index.php/Multi-WAN#Gateway_Groups

joedr

Understood.

Why on all tutorials and youtube videos there are three firewall rules created: one for balancing and two for FailOver if not in used?

Just trying to make sense of creating three gateway groups that are not used on the firewall LAN Rules if always will default into the loadbalancing one.

Hope this makes sense.

@heper:

thats what its supposed todo ; traffic will 'always' match the loadbalancing rule, theres no reason for it to flow down to the other rules

you seem to be misunderstanding how firewall rules work in pfSense.
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
https://doc.pfsense.org/index.php/Multi-WAN#Gateway_Groups

heper

i've never watched anything pfSense related on youtube, so i don't know