    2 WANs failover not working
      NORT last edited by

      Hello folks,

      I need help; I am new to pfSense. I have 2 WANs and 1 LAN, and I want to apply load_balancing and fail_over. I am not sure if I went through the whole process, but I think so. This is how it is:

      WAN 1: 10.0.2.8/24
      LAN:   192.168.1.1/24
      WAN 2: 10.0.3.8/24

      I have trouble with my pfSense adapters: only one adapter at a time is being used to provide internet, but when I check the status I find the gateways on both adapters online. For that reason the "fail_over" is failing, because when the principal one goes down pfSense is not able to shift to the second one.

      Any kind of help is highly appreciated.

      Thank you!

        costasppc last edited by

        Have you created a gateway group and set your LAN > WAN firewall rule to use that group?

        Best regards

        Kostas

          NORT last edited by

          Thank you Kostas,

          Yes, I created the gateway group and set the  for LAN firewall rule only. Do I also have to create the firewall rules for both LAN?

          Regards,



          ![lan rules.PNG](/public/imported_attachments/1/lan rules.PNG)

            NORT last edited by

            I also set the floating rule

              DarkBeard last edited by

              And how long are you waiting for this redirection to work?
              It will primarily depend on the timeout of TCP sessions?
              In the fall of one of the GW, sessions are broken?

                NORT last edited by

                Thank you DarkBeard,

                Perhaps I was not waiting for the TCP sessions to time out; now it is being redirected. However, I can't ping or trace-route outside, but I can browse and navigate on the internet.
                What should be the problem with that?

                Thank you guys for your help!

                  heper last edited by

                  Rules 3-5 will never get triggered.

                  Only the first and second rule will ever match.
                  https://doc.pfsense.org/index.php/Multi-WAN#Firewall_Rules

                    NORT last edited by

                    Thank you Heper,
                    Your comment has been really helpful. However, I also want to implement the other rules down; now it is requiring me to put what I want to use at the top, so how can I use all of those rules down?

                    Thank you guys for your help.

                      heper last edited by

                      @NORT:

                      > Thank you Heper,
                      > Your comment has been really helpful. However, I also want to implement the other rules down; now it is requiring me to put what I want to use at the top, so how can I use all of those rules down?

                      Why?
                      Has the wiki page solved your misunderstanding about your ruleset?

                      There is (generally) no point in creating separate/multiple failover gateway_groups (like failover1_2 / failover2_1); especially so when trying to match the same traffic.
                      That's like stopping at a crossroads with road signs pointing left saying 'Texas' / pointing right saying 'Texas'.

                        NORT last edited by

                        Yes, the wiki link gave me an insight!

                        However, if WAN1 fails it redirects to WAN2, but when WAN1 is back the traffic remains on WAN2, and if WAN2 also fails it is not able to redirect to WAN1 because there is no failover2 ("That's what I think").

                        I also need to load-balance.

                        I am always grateful for your answers!

                          heper last edited by

                          @NORT:

                          > Yes, the wiki link gave me an insight!
                          >
                          > However, if WAN1 fails it redirects to WAN2, but when WAN1 is back the traffic remains on WAN2, and if WAN2 also fails it is not able to redirect to WAN1 because there is no failover2 ("That's what I think").

                          Only open sessions will remain on WAN2; new sessions will/should go over WAN1 when it gets back online.

                          @NORT:

                          > I also need to load-balance.

                          If you need load balancing (= identical tiers), then you shouldn't use failover groups (= differing tiers) in the first place ...

                            NORT last edited by

                            What a joy! Now the failover is working properly. I didn't know that when WAN 1 is back, the new session will be updated. Thanks again, Heper!

                            Now the load-balancing:

                            If I put the load balancing rule (same tier) under failover1, which is above, on the 2nd place, is it really triggered?


                              heper last edited by

                              No ... it won't get triggered...

                              Just remove the 'adsllinkfailover1' rule and only use the 'wanloadbalancer' rule.
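
Added example, not part of the thread and not pfSense code: a small Python model of the two behaviours heper describes, first-match evaluation of interface rules and gateway-group tiers. The gateway names WAN1_GW/WAN2_GW and the two-rule LAN set are constructed; only the group names and the LAN subnet come from the posts.

```python
# Constructed model of pfSense policy routing, for illustration only.
# WAN1_GW/WAN2_GW and the rule contents are assumptions, not the poster's config.
from ipaddress import ip_address, ip_network

# Gateway groups: gateway -> tier. Equal tiers balance, differing tiers fail over.
GROUPS = {
    "adsllinkfailover1": {"WAN1_GW": 1, "WAN2_GW": 2},
    "wanloadbalancer": {"WAN1_GW": 1, "WAN2_GW": 1},
}

# LAN rules in top-down order: (source, destination, gateway group).
LAN_RULES = [
    ("192.168.1.0/24", "0.0.0.0/0", "adsllinkfailover1"),
    ("192.168.1.0/24", "0.0.0.0/0", "wanloadbalancer"),
]

def active_gateways(group, online):
    """Online members of the lowest-numbered tier that has any member online."""
    tiers = GROUPS[group]
    for tier in sorted(set(tiers.values())):
        up = sorted(gw for gw, t in tiers.items() if t == tier and gw in online)
        if up:
            return up
    return []

def first_match(rules, src, dst):
    """Gateway group of the first rule matching the packet, or None."""
    for s, d, group in rules:
        if ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d):
            return group
    return None

def shadowed_rules(rules):
    """Indexes of rules fully covered by an earlier rule, so they never match."""
    def covers(outer, inner):
        return all(ip_network(i).subnet_of(ip_network(o))
                   for o, i in zip(outer[:2], inner[:2]))
    return [n for n, rule in enumerate(rules)
            if any(covers(prev, rule) for prev in rules[:n])]

if __name__ == "__main__":
    both = {"WAN1_GW", "WAN2_GW"}
    print("shadowed rule indexes:", shadowed_rules(LAN_RULES))
    for group in GROUPS:
        print(group, active_gateways(group, both), active_gateways(group, {"WAN2_GW"}))
```

In this model the equal-tier group still drops a gateway that goes offline, so a single 'wanloadbalancer' rule gives both balancing and failover.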
