  • Hi all,

    My Pfsense has two interface (Wan port and Lan port). I want to configure the wan port down, then lan port will automatically stop functioning. Also lan port have issue, the
    wan port will automatically stop functioning too. Can Pfsense support it? Please advise.

  • @tomli


    What do you mean by shut the LAN port down? If the WAN port is down, nothing will go past pfSense to the WAN. Short of turning off your switch, you can't just shut down a LAN.

  •                             Site1                         Site2

    server1--switchA--Pfsense1----ISP -----Router---------server2
    | -----switchB--Pfsense2----ISP--------

    If my switchA has issue, I want Pfsense1 will mark down it wan port automatically. My site2's router will try to connect to Pfsense2 wan port.

  • @tomli

    If switchA is down, how does server1 connect to anything?

  • Server1 will use switchB to connect the network.


  • @tomli

    Perhaps you could provide a better diagram. It looks like switch A & B are at different sites.

  • LAYER 8 Global Moderator

    @tomli said in Port Pair:

    Server1 will use switchB to connect the network.

    And how would it do that if switch one is off? Your drawing shows server1 connected to switch A, it looks like pfsense1has another connection to switchb?


    If you want any help, your going to have to show us how your network is connected.. But I take it server1 has 2 connections switchA and switchB? Which is already pretty F'd up to be honest..

    Is this a lacp connection. Why do you have 2 different pfsense? With different connections to them? Put them in an HA pair, setup multiple wan connections to the pair.. Shutting a wan down should have zero to do with the lan path to get to pfsense.

    In your scenario if understanding it right, you want the client to decide which connection it should use.. When pfsense is the one that should be handling that.

  • Hi All,

    Attached is my network diagram, please advise.


  • LAYER 8 Global Moderator

    That is not really how you would do a ha setup

    Something like this is how you would setup a fully redundant sort of setup. You would have a lan stack and wan stack, and bring your lacp connections into stacks


    Now a switch could fail on the lan side or the wan side and you would still have connectivity, if ISP failed you would still have full redundant connections for switches and interfaces on all your equipment. Any interface could fail on any device and still have full connectivity.

    So switch could fail, interfaces could fail, isp could fail and you still have connectivity.

    And then to take even to the next level you would advertise your IP out of either ISP even. So even if ISP A failed, your IP would just be advertised out of ISP B.. If B failed your B IP would be advertised out ISP A..

    The choice would never be on the server.. He doesn't have to know or care what path his is taking - he would still only ever point to his 1 gateway, which would be a vip of the lan side of your pfsense HA pair. But in that sort setup you would have to be running bgp out of your pfsense, and would have to have ok from your different ISPs to advertise your different IPs out of the different ISP.. If you can not do that, still can be redundant.. If you need inbound traffic you would just setup your dns to point some fqdn to the other IP if one of the links failed.

    If you can not bring 2 connections into the wan stack from each ISP, you would still have redundant connectivity, if a wan switch failed you would just have to use the other ISP because to your pfsense HA 1 of the connections would go away.

    Trying to get your server to make the choice is the wrong way to look at it to be honest.

