Failover not Failing back.

  • ISP 1 Static IP DIA Tier 1 in Gateway Group, ISP2 Static IP Tier 5 in Gateway group. Firewall rules applied for LAN traffic. Failback works if I physically withdraw WAN2 or reboot. Failback does not work by clearing tables / flushing states. Is there a solution to enable Failback? According to Netgate support this a.m., Failback is a non-default feature on the SG3100. Can other users comment? Thanks

    Re: Failover doesn't fail-back… how to fix?

  • I'm having similar issues. The failover works for about 30 seconds just fine, then it just quits. My failover is an AT&T 4G router made by ZTE (mf279) which does its own routing and has its own Wi-Fi. When I connect to the ZTE's Wi-Fi it works fine. Even though the pfSense is getting a local IP from the ZTE's LAN network, it should still work fine, so there must be some kind of problem with my failover gateways or firewall rules. What helps you will probably help me too. For reference, my WAN1 gets a dynamic IP from a cable internet provider (Comcast) where their gateway modem is in bridge mode, so the WAN IP is on my pfSense's WAN1 interface. The WAN2 is coming from a wired connection to AT&T's ZTE 4G gateway. The IP for WAN2 is 192.168.1.X. The pfSense's IP and subnet is 192.168.2.X, so there should be no conflict there. I tried both gateways as Tier1, the Comcast as Tier1 and AT&T as Tier2, AT&T at a higher tier, chose packet loss and latency in different combinations, lowered the threshold for packet loss and latency, etc. I just don't know what to do at this point. I can't ask the client to unplug the power for the Comcast gateway modem every time it goes down because that defeats the purpose of using a failover WAN. Any ideas, guys?

    Not much of a difference but the IP for WAN2 is 192.168.0.X, not 1.X. Sorry.

  • System / Routing / Gateways
    Is the AT&T ("failover") seen as a DHCP connection?
    Likewise, is WAN1 seen as a DHCP connection?
    Have you checked firewall rules for the Gateway Group?
    Why is WAN 2 broadcasting SSID and authenticating clients?

    Thanks.

  • Thank you for responding Pat. I'll start with some background.

    I have a 4 port NIC assigned as WAN1, WAN2, OPT1, and OPT2.
    OPT1 and OPT2 are in a LAN bridge in case I needed another LAN port for whatever reason.
    [Image: Interface Assignments.PNG]

    Here are the interfaces in my dashboard.
    [Image: Interfaces Edit.png]

    To answer your first two questions, both WANs are seen as a DHCP connection as shown.
    [Image: Gateways Edit.png]

    This is the gateway group I have.
    [Image: Gateway Group.PNG]

    The firewall rule for the LANBRIDGE interface (my LAN) is set to use the gateway group I named "Failover".
    [Image: Firewall Rule.PNG]
    This is where I think the problem may lie but I'm not sure.

    Here are some of the thresholds for Gateway 1 (Comcast).
    [Image: Gateway 1 Thresholds.PNG]

    Since WAN2 wasn't working as a failover, I instructed the client to simply use the SSID from the AT&T 4G gateway modem so they can have something. I haven't put the AT&T into bridge mode yet as there doesn't seem to be a "proper" way to do it. It seems the true WAN IP for this 4G modem won't be on the WAN2 interface unless we pay for a static IP, but either way, double-NATing shouldn't be a problem as all the client needs is a simple internet connection to function. If it was working correctly I would have disabled the Wi-Fi on the AT&T device (actually not sure if it will even let me. This thing is pretty locked down.) Please let me know what you think or if there are any other pieces of information that would help in solving this issue. Thanks in advance!