Gateway Group Priority Tier Ignored to Prefer Default Gateway
-
Using pfSense 2.4.2P1, I have set up 2 WANs and gateways, a LAN with NAT, a Gateway Group set to failover, and a floating firewall rule to point to the Gateway Group. It all works great – I can pull any WAN cable and it fails over beautifully to the other as it is supposed to (Trigger Level set to "Member down").
The Problem: Tier is ignored. The gateway set as default gets the priority no matter what the tier is set to.
Anyone else see this issue? Is this a bug, supposed to be this way, or have I missed some setup?
eth0=Wan1
eth1=Wan2
eth3=LAN
Gateway Group1=Gateway for eth0/Wan1 and eth1/Wan2
Floating Firewall Rule Gateway = Gateway Group1
Used these links in my setup:
https://doc.pfsense.org/index.php/Multi-WAN
https://doc.pfsense.org/index.php/Gateway_Settings
http://opensourceforu.com/2016/08/configuring-pfsense-dual-wan-failover-mode
-
Got it to work. Had to set the default gateway in the LAN firewall rules to the Gateway Group. I had thought this was taken care of in the floating rules, but apparently not. Will have to study the relationship of the floating rules to the normal firewall rules a bit more . . .
-
The gateway setting on the floating rules is ignored for outgoing traffic on the WANs (in fact for any interface when the direction of the traffic is out) so you have to tag that traffic for a specific gateway or gateway group with LAN rules when the traffic enters the firewall.
-
So it looks like step 3 in the opensource link above to create a floating rule is unnecessary? Is there any reason to keep the floating rule? Seems to work fine without it . . .
-
Found this had already been answered in "floating rules to switch gateway" here:
https://forum.pfsense.org/index.php?topic=139752.0