• Hello and thank you for reading.

    I have a network with 3 physical LAN networks and we just had our 2nd physical WAN connection installed.

    I need to do the following.  I could go over everything I did but I think that will just confuse the situation.

    So, here's what I need to do.
    10.10.x.x/16   <lan_1>10.15.x.x/16   <lan_2>10.20.x.x/16   <lan_3>   <wan_1>   <wan_2>Routing as follows

    LAN 1&3::   need to talk to each other

    LAN 2&3::   need to talk to each other

    LAN 1&2::   Need to use WAN_1 for internet and fail-over to WAN_2

    LAN 3::   Needs to use WAN_2 for internet and fail-over to WAN_1

    I've tried several configurations that others have done w/ good ole Google…  But, none of them are exactly what my case is.

    The best I have been able to do is setup 'Gateway Groups' and assign them to the firewall rule.  I was then able to get traffic out the WAN interface I needed but then I couldn't get to my other LAN networks.  I was able to verify via a trace route that I was going out the correct interface.  Although the throughput was horrible.  (Averaging 10% of the allowable bandwidth for the link.  testing with my laptop verified that I was able to get full bandwidth)

    I'm guessing I am missing something with regards to routing.  Any assistance would be greatly appreciated.


  • LAYER 8 Netgate

    You need to bypass policy routing when you set the gateway groups. That means, for instance, a pass rule on LAN_1 that passes traffic to LAN_3 that does not set a gateway (meaning it's set to the default gateway).

    After that you can place the rule that passes traffic to any (the internet) and sets the gateway group.

    Traffic routed to a specific gateway, or policy routed, is sent to that gateway with no further checks.