Netgate Discussion Forum

    Multi WAN with wrong default gateway

      broonu

      Hi all,

      I have a problem and I can't find the reason.

      Configured a pfsense 2.3.3-RELEASE (amd64) with Gateway Group.
      In System->Advanced->Miscellaneous option "Default gateway switching" is disabled.

      PFSENSE itself has 3 gateways configured: ISP1 (192.168.0.2, default gateway), ISP2 (192.168.1.1) and LOCAL_GW (172.16.0.1, for internal routing).

      My Gateway Group configuration:
      ISP1 as TIER 1
      ISP2 as TIER 2
      LOCAL_GW never

      This LOCAL_GW is there just for static routes, not for internet purposes, but the gateway group configuration shows all gateways configured in pfsense.

      The problem is pfsense is triggering member down on ISP1, showing in the log it has about 24%. (Two problems here: 1) It should take action only at 100% loss and 2) If I run a ping to the IP used to monitor this gateway, there is no loss at all).

      MAIN PROBLEM: Instead of setting ISP2 as the default gateway, pfsense puts my gateway LOCAL_GW as the default gateway.

      Do you guys know something about this problem?

        pabloramos

        I'm having a problem with the same configuration. "Default Gateway Switching" is enabled in the advanced options, and I have 3 gateways defined in the System -> Routing menu. One of them is the default gateway. When it goes down, pfSense switches to another one, but I don't understand what logic it's using to choose the backup gateway. It's simply changing to another (it seems that it's using alphabetical order, but I don't know). The question is that I can't define what the backup default gateway is in any way. Is there some solution for this case?

          Derelict LAYER 8 Netgate

          Yup. You can't use Default Gateway Switching if you have an inside gateway defined. There is nothing keeping that from being selected as the new default gateway.

          There are some feature requests out there but I don't think anything is set there yet.

          So inside gateway: don't use default gateway switching. Usually completely unnecessary anyway with proper policy routing.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            pabloramos

            Thanks for your reply, Derelict.

            I have only two interfaces (WAN and LAN), but three gateways (ISP, Local Core and MPLS Router). The default one is the ISP (WAN).

            When this gateway goes down, I would like pfsense to change the default route to the MPLS Router, in the LAN net. If the Local Core is set, a loop is created. In this scenario, I think there's no need to create a policy routing. My only need is to specify the backup default gateway, and not let pfsense choose one by itself.

            Is there a way to do this?

            Sorry for my poor English and thanks again.

              Derelict LAYER 8 Netgate

              No. You want to set up a gateway group for the ones that actually give you internet access.

              But it is usually FAR better if they are all on their own interface.


              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.