1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. Failover configuration

Failover configuration

  • P

    We currently have a primary WAN connection via Comcast and is set to Tier 1. We have a secondary DSL connection on OPT set to Tier 2. When Comcast goes down (all too frequently) the failover works correctly and the DSL connection kicks in after brief period. The problem is that there does not seem to be any mechanism for rolling the WAN connection back to Comcast once service is restored. From my experience in the past, the Tier 1 connection was always treated as the prefered connection if it was available. This does not seem to be the case now. Does anyone have a suggestion or have I miss configured something.

    I considered setting up a load balancing pool but there is a serious performance difference between the 2 services and we do have some VPN stuff that might not be happy using a balanced setup.

    I would appreciate any suggestion.

    0
  • stephenw10
    Netgate Administrator

    The expected behaviour is that when the tier 1 gateway comes back on-line new connections will then go via that.
    Existing open connections on the tier 2 gateway are not killed, that would be needlessly disruptive in most cases. TCP connections on tier 2 will close or timeout and if re-opened will be on tier 1. UDP connections can stay longer particularly things like VoIP when the state is pretty much held open permanently. That behaviour hasn't changed though.

    There are a few options you can set that vary this behaviour such as 'Flush all states when a gateway goes down' and 'Reset all states if WAN IP Address changes', both System > Advanced settings, but there is no way to force a failback directly.

    You might set a cron job to do something similar at a low traffic time if that applies to your situation.

    Steve

    0 P 1 Reply
  • P

    @stephenw10
    Thank you so much Steve. Completely explains what I was observing. I just did a test and confirmed that it is working as expected. I also had an error with how I had configured DNS which was confounding things even more.

    Basically there is no need for me to doing anything other than the default behavior. As long as the connections eventually end up going out the Comcast gateway all is good

    Thanks!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy