[SOLVED] pfSense 2.3.3-RELEASE-p1 - Failover - It works only if Router power off


  • Banned

    Hi All,

    My system details as below;

    LAN : 192.168.1.1
    WAN-1 : 192.168.10.1 (20 Mbps Fiber)
    WAN-2 : 192.168.20.1 (3 Mbps Fiber)

    My Failover Configuration Steps:

    1-) System->Routing->Gateway Groups->Add
    2-) Group Name  : WAN1-to-WAN2_Failover
    3-) WAN-1->TIER 1 + WAN-2->TIER 2
    4-) Trigger Level : Packet Loss or High Latency
    5-) Description : WAN1-to-WAN2_Failover
    6-) System->Advanced->Miscellaneous->Enable default gateway switching (Checked)
    7-) Firewall->LAN->Gateway->WAN1-to-WAN2_Failover
    8-) APPLY

    With the above configuration, when I power off WAN-1's router, the system realises GW1 is offline and diverts traffic to GW2 (WAN-2's router) in seconds. But if I don't power off GW1 (WAN-1's router) and GW1 loses its internet connection (I'm simply unplugging the fiber cable from the router), then my failover configuration does not work: the dashboard says GW1 is Online and it does not switch to GW2.

    Am I missing something?



  • If the upstream device is in "router" mode (you have a private "local" subnet between pfSense WAN and the router) then by default the pfSense WAN will be monitoring the local address on the upstream device. That address will still respond, so pfSense thinks that the link is working, when actually just the cable from pfSense WAN to the upstream device is working.

    Edit the gateway on each WAN and choose an alternate monitor IP - something that pfSense should be able to ping upstream. e.g. some reliable fixed address at the ISP, or Google 8.8.8.8 8.8.4.4 etc that will indicate that the "internet" is available.
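
A way to check for the condition described in the answer above, as an added example that is not part of the original thread: it audits the gateways in a pfSense configuration export and flags any whose monitor only tests the local hop. The XML element names (`gateway_item`, `name`, `gateway`, `monitor`) are assumed from the usual `config.xml` layout, and the sample configuration is constructed from the addresses in the question.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <gateways> section of a pfSense config.xml.
# WAN1GW has no <monitor>, so monitoring falls back to the gateway address itself.
SAMPLE_CONFIG = """<pfsense>
  <gateways>
    <gateway_item>
      <interface>wan</interface>
      <name>WAN1GW</name>
      <gateway>192.168.10.1</gateway>
    </gateway_item>
    <gateway_item>
      <interface>opt1</interface>
      <name>WAN2GW</name>
      <gateway>192.168.20.1</gateway>
      <monitor>8.8.4.4</monitor>
    </gateway_item>
  </gateways>
</pfsense>"""


def audit_gateway_monitors(config_xml):
    """Return {gateway name: finding} for monitors that cannot detect an upstream outage."""
    findings = {}
    for item in ET.fromstring(config_xml).iter("gateway_item"):
        name = item.findtext("name", default="(unnamed)")
        gateway = (item.findtext("gateway") or "").strip()
        monitor = (item.findtext("monitor") or "").strip()
        if not monitor:
            findings[name] = f"no monitor IP set; defaults to gateway {gateway}"
        elif monitor == gateway:
            findings[name] = f"monitor IP equals gateway {gateway}"
        else:
            try:
                addr = ipaddress.ip_address(monitor)
            except ValueError:
                findings[name] = f"monitor '{monitor}' is not a valid IP address"
                continue
            # A private or link-local target is answered on the local segment,
            # so it stays reachable when the upstream link is down.
            if addr.is_private or addr.is_link_local or addr.is_loopback:
                findings[name] = f"monitor {monitor} is not beyond the upstream router"
    return findings


if __name__ == "__main__":
    for gw, finding in audit_gateway_monitors(SAMPLE_CONFIG).items():
        print(f"{gw}: {finding}")
```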


  • Banned

    @phil.davis:

    If the upstream device is in "router" mode (you have a private "local" subnet between pfSense WAN and the router) then by default the pfSense WAN will be monitoring the local address on the upstream device. That address will still respond, so pfSense thinks that the link is working, when actually just the cable from pfSense WAN to the upstream device is working.

    Edit the gateway on each WAN and choose an alternate monitor IP - something that pfSense should be able to ping upstream. e.g. some reliable fixed address at the ISP, or Google 8.8.8.8 8.8.4.4 etc that will indicate that the "internet" is available.

    Yeap, monitoring IP is the key. Now when I unplug the fiber cable from the router it's switching to WAN-2 in 5 seconds. Once more, thanks phil :)