I have a couple questions on some failover behavior:
1. Does pfsense know to failover if the link is still up, but traffic is not routing to part of the internet? (Example: Comcast customers are unable to reach certain sites, but Century Link customers can. We have seen this happen several times before.)
2. When returning from failover state, does it keep the alternate WAN connection open for returning traffic? (Example: streaming video, it fails over, then fails back, if the alternate WAN connection closes right away, it interrupts streaming video.)
1. That depends on what you set for the monitor IP. If it can be reached and the latency/loss are within the specified parameters, the WAN is considered up.
2. When the Tier 1 connection comes back up, states on the backup WAN are not torn down and will continue to work. Newly-established connections will use the Tier 1 circuit since it is preferred.
On 2, excellent. We're having trouble with another device over this issue and streaming audio. We provide closed captions for TV and other media as well as corporate meetings and conference calls. A captioner not losing audio so their captions aren't interrupted is a good thing.
On 1, darn. I was hoping to find a way around this issue. We have had repeated problems with Comcast routing, where small portions of the internet were not accessible, but other ISPs were fine. We can have the users manually fail it over by simply turning off the Comcast cable modem when this happens.
I have one more:
Is it possible to use a local wireless card for alternate WAN (such as attaching to a Verizon mobile access point)?
If you can get it to work, sure.
I would expect something with ethernet handoff to be more reliable. Something like the Netgear LB1110. Not an endorsement. I have never tried it. But that is the route I would go if I needed 4G/LTE WAN on pfSense.
If I needed to connect to a wifi WAN I would use something like a Ubiquiti AirMax bridge. Again, ethernet handoff to pfSense.
Yeah, those would be good options. I have to have some alternatives to hand to management.
They're wanting to use this little Raspberry Pi setup that doesn't have firewall or router capabilities, between the router and the cable/DSL modem, and using a wireless connection to a Verizon mobile AP as a tertiary redundancy option, however, that is giving issues with failover return dropping streaming connections.
I'm playing around with the idea of other options with pfsense, so they can get decent security as well as redundancy.
I'm also looking for options for my own side business, to sell to work-from-home customers, with the options of security, redundancy, and uptime compared to home routers. More options the better in that market. It wouldn't pay well, but it has possibilities.
I forgot to say: Thank you very much for the info. I will put it to good use.