2 WANs failover not working



  • Hello folks,

    I need help; I am new to pfSense. I have 2 WANs and 1 LAN, and I want to apply load_balancing and fail_over. I am not sure if I went through all the process, but I think so. This is how it is:

    WAN 1: 10.0.2.8/24
    LAN:   192.168.1.1/24
    WAN 2: 10.0.3.8/24

    I have troubles with my pfSense adapters: only one adapter at a time is being used to provide internet, but when I check the status I find the gateways on both adapters online. For that reason the "fail_over" is failing, because when the principal one goes down pfSense is not able to shift to the second one.

    Any kind of help is highly appreciated.

    Thank you!



  • Have you created a gateway group and set your LAN > WAN firewall rule to use that group?

    Best regards

    Kostas



  • Thank you Kostas,

    Yes, I created the gateway group and set the  for LAN firewall rule only. Do I have to create also the firewall rules for both LAN?

    Regards,



    ![lan rules.PNG](/public/imported_attachments/1/lan rules.PNG)



  • I also set the floating rule



  • And how long are you waiting for this redirection to work?
    It will primarily depend on the timeout of TCP sessions?
    In the fall of one of the GW, sessions are broken?



  • Thank you DarkBeard,

    Perhaps I was not waiting for the TCP sessions to time out. Now it is being redirected; however, I can't ping or trace-route outside, but I can browse and navigate on the internet.
    What should be the problem with that?

    Thank you guys for your help!



  • Rules 3-5 will never get triggered.

    Only the first and second rule will ever match.
    https://doc.pfsense.org/index.php/Multi-WAN#Firewall_Rules



  • Thank you Heper,
    Your comment has been really helpful; however, I also want to implement the other rules down. Now it is requiring me to put what I want to use at the top, so how can I use all of those rules down?

    Thank you guys for your help.



  • @NORT:

    Thank you Heper,
    Your comment has been really helpful; however, I also want to implement the other rules down. Now it is requiring me to put what I want to use at the top, so how can I use all of those rules down?

    Why?
    Has the wiki page solved your misunderstanding about your ruleset?

    There is (generally) no point in creating separate/multiple failover gateway_groups (like failover1_2 / failover2_1), especially so when trying to match the same traffic.
    That's like stopping at a crossroads with road signs pointing left saying 'Texas' / pointing right saying 'Texas'.



  • Yes, the wiki link gave me an insight!

    However, if WAN1 fails it redirects to WAN2, but when WAN1 is back the traffic remains on WAN2, and if WAN2 also fails it is not able to redirect to WAN1 because there is no failover2 ("That's what I think").

    I also need to load-balance.

    I am always grateful for your answers!



  • @NORT:

    Yes, the wiki link gave me an insight!

    However, if WAN1 fails it redirects to WAN2, but when WAN1 is back the traffic remains on WAN2, and if WAN2 also fails it is not able to redirect to WAN1 because there is no failover2 ("That's what I think").

    Only open sessions will remain on WAN2; new sessions will/should go over WAN1 when it gets back online.

    @NORT:

    I also need to load-balance.

    If you need load balancing (= identical tiers), then you shouldn't use failover groups (= differing tiers) in the first place ...



  • What a joy! Now the failover is working properly. I didn't know that when WAN 1 is back, the new sessions will be updated. Thanks again Heper!

    Now the load-balancing:

    If I put the load balancing rule (same tier) under failover1, which is above in the 2nd place, is it really triggered?




  • No ... it won't get triggered...

    just remove the 'adsllinkfailover1' rule & only use the 'wanloadbalancer' rule
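
The two behaviours this thread keeps returning to (top-down first-match rule evaluation, and failover versus load-balancing tiers in a gateway group) are modelled below. This is an added example, not part of any poster's message and not pfSense's own code. The rule list and tier assignments are constructed for illustration; only the group names 'adsllinkfailover1' and 'wanloadbalancer' and the LAN subnet come from the thread.

```python
import ipaddress

# Constructed gateway groups: gateway -> tier (lower tier number is preferred).
GROUPS = {
    "adsllinkfailover1": {"WAN1": 1, "WAN2": 2},  # differing tiers: failover only
    "wanloadbalancer":   {"WAN1": 1, "WAN2": 1},  # identical tiers: load balancing
}

# Constructed LAN rules in top-down order: (name, source net, protocol, group).
RULES = [
    ("failover rule", "192.168.1.0/24", "any", "adsllinkfailover1"),
    ("balance rule",  "192.168.1.0/24", "any", "wanloadbalancer"),
]

def covers(earlier, later):
    """True if every packet matched by `later` is also matched by `earlier`."""
    e_net = ipaddress.ip_network(earlier[1])
    l_net = ipaddress.ip_network(later[1])
    return l_net.subnet_of(e_net) and earlier[2] in ("any", later[2])

def shadowed_rules(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [r[0] for i, r in enumerate(rules)
            if any(covers(prev, r) for prev in rules[:i])]

def first_match(rules, src_ip, proto):
    """Return the first rule matching the packet (top-down, first match wins)."""
    for rule in rules:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule[1])
        if in_net and rule[2] in ("any", proto):
            return rule
    return None

def active_gateways(group, online):
    """Online gateways in the lowest-numbered tier that still has one online."""
    up = {gw: tier for gw, tier in GROUPS[group].items() if gw in online}
    if not up:
        return []
    best = min(up.values())
    return sorted(gw for gw, tier in up.items() if tier == best)

if __name__ == "__main__":
    print("never matched:", shadowed_rules(RULES))
    for online in ({"WAN1", "WAN2"}, {"WAN2"}):
        for group in GROUPS:
            print(sorted(online), group, "->", active_gateways(group, online))
```

In this model the same-tier group balances across both WANs while both are online and uses the surviving one when either goes down, so the single load-balancing rule also covers the failover case.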