Netgate Discussion Forum

    Static routes and gateway groups

    Routing and Multi WAN
    • decibel83

      Hi,
      I set up several gateway groups to let clients access other networks using the MultiWAN capabilities (an MPLS connection and an OpenVPN on WAN connection).
      Clients work well, but I'm still having problems with connections generated from the firewall itself, as they rely on the static routes, which I cannot set a gateway group on.

      How can I solve this problem?
      How can I use a gateway group for static routes?

      Thank you very much!
      Bye

      • kpa

        As far as I know you can't because none of the PF tricks that are used for policy routing and gateway groups work on traffic initiated by the firewall itself.

        • decibel83

          @kpa:

          As far as I know you can't because none of the PF tricks that are used for policy routing and gateway groups work on traffic initiated by the firewall itself.

          So I cannot have failover on the firewall itself?
          This is a problem for the domain overrides rules on the DNS forwarder, for example.
          I cannot think that I need to manually switch the static routes whenever the primary gateway goes down.
          There should be a way to manage this! What if I have tons of routes?

          • Derelict LAYER 8 Netgate

            In that case I would not use the built-in DNS forwarder. I would put a DNS server on LAN and use that so it could be properly policy routed.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.