• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Minimizing data use on failover gateway

Scheduled Pinned Locked Moved Routing and Multi WAN
3 Posts 2 Posters 603 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • X
    Ximulate
    last edited by Apr 17, 2019, 3:53 PM

    pfSense V2.4.4p2
    Primary WAN gateway is a cable modem
    Failover WAN gateway is a Netgear LB2120 LTE modem

    For the failover WAN, we're using a "pay per 100 megabyte" service, so I'd like to minimize the amount of data sent over this connection. In the pfSense documention, there is an example of how to configure the firewall so that only select devices can use the failover WAN. I think I have all this set-up correctly, but I'm still getting some data going over the fail-over WAN when primary WAN appears to be OK. In the firewall, I've created an alias for devices that can use the failover WAN. For testing, I set the alias to an unused LAN IP address. However, the cell service still reports data being used. I'm just not sure how to figure-out why. Screenshots below. Any advice or suggestions?

    Primary Gateway:
    c147e3c8-b467-428a-afc0-9a40e40002d8-image.png

    Failover Gateway:
    a9f3a7a4-8a40-4758-b796-fb5782e33742-image.png

    Gateway Group:
    e8618349-f106-42a3-a63c-7874c7eaccf9-image.png

    Primary LAN (VLAN80 is similar):
    f6a186d7-2f87-4024-89cb-9043ba9102df-image.png

    X 1 Reply Last reply Apr 19, 2019, 2:04 PM Reply Quote 0
    • X
      Ximulate @Ximulate
      last edited by Apr 19, 2019, 2:04 PM

      Just to clarify, my objective here is to avoid using cellular data at all unless the cable modem is 100% down. I've tried several things to isolate where the data leak is coming from, but still not sure.

      1. Changed devFailover alias (devices allowed to use the failover WAN gateway) to an unsed IP
      2. Disabled the firewall rule allowing failover devices to leave the LAN
      3. Marked the failover gateway as down

      In these cases, my cellular service stats webpage indicates a small amount of data was used. Next, I physically removed the ethernet cable connecting the pfSense router to the cellular modem. The cellular modem is still on. So far, the cellular service stats indicate no data usage. This tell me that the router is leaking data out of the failover WAN. At this point, am am not sure how.

      1 Reply Last reply Reply Quote 0
      • D
        Derelict LAYER 8 Netgate
        last edited by Apr 22, 2019, 5:57 AM

        There will always be traffic from gateway monitoring (two pings per second by default) unless it is disabled. If it is disabled you will have to do without knowing if that gateway is up or down.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received