New version removed Gateway Switching

  • Today I updated pfSense to version 2.4.4-RELEASE. I noticed that the option "Default Gateway Switching" was removed from the System/Advanced/Miscellaneous tab. Why? What is the expected behaviour now? How does this affect multi-WAN failover scenarios?

    I have been looking at this some today. I am removing all policy routing to the failover group from my edge (Cable (Tier 1) then ADSL (Tier 2)) and am relying on the new default gateway group instead.

    No more bypassing for local stuff. So far so good.

    This is really good news since most people don't have a problem with multi-wan, but the introduction of policy routing is a challenge for a lot of people.

    Now in simple failover cases all you have to do is make the group, set the default gateway to track it, and you're done. No special rules necessary.

  • Thanks for your answer, @derelict.

    Does it mean that we could expect Squid (and other packages that use the default gateway) to work well with load balancing if we set the default gateway group with members on the same tier?

    No. This has nothing to do with load balancing. That still has to be policy routed. But it should help squid in the same way default gateway switching would in a failover situation.

    The real answer for squid and load balancing is to put a squid instance behind the firewall so the outbound connections it makes hit the policy routing rules on the LAN and the load balancing gateway group rule gets applied to the traffic.

    I know people like everything to be "on one pfSense" but in that case you need to separate them for the desired outcome.

    Load-balancing gateway groups (any group with more than one gateway in a single tier) probably should not even appear in the default gateway pulldown. But they do. I am not sure of the behavior there. The default gateway is probably set to the first one found after a sort by tiers.