Netgate Discussion Forum

    New version removed Gateway Switching

    Routing and Multi WAN
    12 Posts 5 Posters 5.2k Views
    • J
      javerleo
      last edited by

      Today I updated pfSense to version 2.4.4 RELEASE. I noticed that the option "Default Gateway Switching" was removed from the System/Advanced/Miscellaneous tab. Why? What is the expected behaviour now? How does this affect multi-WAN failover scenarios?

      Thanks in advance for your support.

      –-----------
      God is my best friend

      • GrimsonG
        Grimson Banned
        last edited by

        So reading upgrade announcements and release notes is not your thing? You should change that if you don't want to look stupid.

        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by Derelict

          I have been looking at this some today.. I am removing all policy routing to the failover group from my edge (Cable (Tier 1) then ADSL (Tier 2)) and am relying on the new default gateway group instead.

          No more bypassing for local stuff. So far so good.

          This is really good news since most people don't have a problem with multi-wan, but the introduction of policy routing is a challenge for a lot of people.

          Now in simple failover cases all you have to do is make the group, set the default gateway to track it, and you're done. No special rules necessary.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • J
            javerleo @Grimson
            last edited by javerleo

            @grimson : I'm not afraid to look stupid since only stupid people see things that way and use the forum to express their anger and frustration. Get a shrink.

            • J
              javerleo @Derelict
              last edited by

              Thanks for your answer @derelict

              Does it mean that we could expect Squid (and other packages that use default gateway) to work well with loadbalance if we set the default gateway group with members on the same tier?

              Best regards.

              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                No. This has nothing to do with load balancing. That still has to be policy routed. But it should help squid in the same way default gateway switching would in a failover situation.

                The real answer for squid and load balancing is to put a squid instance behind the firewall so the outbound connections it makes hit the policy routing rules on the LAN and the load balancing gateway group rule gets applied to the traffic.

                I know people like everything to be "on one pfSense" but in that case you need to separate them for the desired outcome.

                Loadbalance gateway groups (any group with more than one gateway in a single tier) probably should not even appear in the default gateway pulldown. But they do. I am not sure of the behavior there. The default gateway is probably set to the first one found after a sort by tiers.

                • S
                  snore @Derelict
                  last edited by

                  @Derelict said in New version removed Gateway Switching:

                  I have been looking at this some today.. I am removing all policy routing to the failover group from my edge (Cable (Tier 1) then ADSL (Tier 2)) and am relying on the new default gateway group instead.

                  No more bypassing for local stuff. So far so good.

                  This is really good news since most people don't have a problem with multi-wan, but the introduction of policy routing is a challenge for a lot of people.

                  Now in simple failover cases all you have to do is make the group, set the default gateway to track it, and you're done. No special rules necessary.

                  I apologize if I ask a stupid question, but what exactly is the change? Is it that now you no longer have to add the failover group to an individual firewall rule?

                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    No. It has nothing to do with policy routing. You still have to do that.

                    It gives you more control over how the default gateway selection is made.

                    • S
                      snore @Derelict
                      last edited by

                      @Derelict said in New version removed Gateway Switching:

                      No. It has nothing to do with policy routing. You still have to do that.

                      It gives you more control over how the default gateway selection is made.

                      I've been searching in the wiki but I am afraid I couldn't find it. What exactly is the change?

                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        https://redmine.pfsense.org/issues/8187

                        https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-new-features-and-changes.html

                        • T
                          TrisWood Banned
                          last edited by TrisWood

                          This post is deleted!
                          • DerelictD
                            Derelict LAYER 8 Netgate
                            last edited by

                            What? This is not a guide. Question asked and answered.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.