Netgear LB2120 as WAN failover

  • I am having difficulties configuring a secondary gateway/WAN interface in pfSense for the Netgear LB2120.

    The LB2120 is configured with an AP profile, in bridge mode, and with a static (private) IP subscription. The LAN side of the LB2120 connects up to what I will be designating as WAN2 interface on my pfSense. The LAN address for the LB2120 by default is

    The WAN2 interface on my pfSense is setup as a static IPv4, with the private IP address plugged in as the interface address (24 mask). When I try to define the gateway as the LAN address on the LB2120, pfSense says that it's not possible because its out of the IP range.

    How should be setting up this secondary WAN and gateway?


  • Any suggestions on how I can get this going as a secondary WAN?

  • Have you confirmed that it works as your primary WAN in bridged mode first?

  • I got it working.

    On the secondary WAN interface I defined the static IP provided by the ISP and created a gateway with the address of the LAN port on the LB2120 (default =

    In this gateway definition I clicked Advanced settings and checked the box labeled 'Use non-local Gateway'.

    I then created a group with primary WAN set to tier 1 and secondary WAN set to tier 2.

    Under the LAN pass to any rule I specified the gateway as the WAN group.

    It wasn't necessary to select System->Advanced->Miscellaneous->DefaultGatewaySwitching.

    I did have a question though on specifying the gateway for the pass LAN to any rule. Does specifying this gateway mean that all traffic will go out through the gateway and come back in, or does it just mean if the destination address is external to firewall, use the gateway group instead of the default gateway definition.


  • Just for clarification, the LB2120 had the patch which allowed the unit to be placed in bridge mode. Bridge works whether I am connected to directly to a single host, or via the pfSense.


  • Is there any risk in defining the WAN2 gateway as a private address

  • @SR190 You seem to be way more knowledgeable about this stuff than I, so maybe you can help me. I don't have a pfSense. I have Arris surfboard (optimum) -> LB2120 -> Netgear AC series WiFi access point. I have a lot of static IPs and since the LB2120 doesn't support this, I don't want to use the DHCP service on that. Optimum provided IP address is dynamic. My first setup was to have LB2120 in bridge mode with IP as default with My current LAN range (DHCP from Wifi AP) is 192.168.1.x. In bridge mode, I'm fine with the wired connection to optimum and can open the LB's browser at When I disconnect the Optimum connection, it doesn't seem to failover and I can't get to the LB address. I know I'm getting LTE data because FreedomPop shows my data usage ticking up (presumably modem pings). I also tried putting it in router mode and disabling the DHCP service, but no go. I managed to screw it up so badly by enabling VPN that I had to do a factory reset because I couldn't get to the LB. So I'm wondering if changing the LB address to within my LAN range of 192.168.1.x is necessary or if you had any other thoughts. Appreciate any help.

Log in to reply