Routing with two WANs using Priority
-
Hello Guys,
I'm quite new to this pfSense world and I'm facing the following problem:
I have two WANs configured each one on Gateway Groups with different Priority gateways.
Group A I have:
Gateway Priority:
- Gateway A Tier 1
- Gateway B Tier 2
Group B I have:
Gateway Priority:
- Gateway A Tier 2
- Gateway B Tier 1
Both groups have triggered level as "Member Down"
Using these rules, I always try to make my outbound traffic go through WAN A using Gateway A.
The problem I'm facing at the moment is:
When WAN A goes down, pfSense has some STATES to Gateway A, so the traffic is still trying to leave through Gateway A instead of moving to B.
If I clear the STATES table, it works fine.
My Pfsense version is: 2.4.5-RELEASE-p1
Is this problem a configuration or concept error, or is it a routing bug?
Thanks !
-
@st6
How do you use these gateway groups? Multiple gateway groups only make sense when using them in policy routing rules.
For a simple fail-over, you only need one gateway group and set this one as default in System > Routing. For removing related states when a gateway goes down, add a check at System > Advanced > Miscellaneous > State Killing on Gateway Failure.
-
@viragomann said in Routing with two WANs using Priority:
System > Advanced > Miscellaneous > State Killing on Gateway Failure.
exactly
-
@st6 said in Routing with two WANs using Priority:
My Pfsense version is: 2.4.5-RELEASE-p1
You should really upgrade to 2.5.2 in any case.
-
@viragomann Thank you so much ! I think this is exactly what I need. Thank you so much again.
-
@Silence Hello! Is there a way to kill only the states related to the WAN that goes down?
Thanks !
-
@st6, What are you talking about?
Could you give me a scenario where this makes sense?
-
@silence Sure! I just want all states related to Gateway A to be killed when Gateway A goes down. At the moment, the problem I see with killing all states when any gateway goes down is that it could kill the wrong states. For example, if Gateway B goes down, it will clear states from Gateway B and A; however, Gateway A is working fine.
-
@st6 Normally you shouldn't clear all states if one WAN goes down. Just the states of the connection that went down.
Otherwise you create unneeded outages. This is useful in very special cases.
-
@netblues Yes, you are right! Because of that, I would like to know if there is a feature like "System > Advanced > Miscellaneous > State Killing on Gateway Failure" that kills only states from the failed gateway.
-
@st6 Well, in pfSense, gateway action brings down the interface.
Some interfaces have "physical" means to "understand" failure, like link on LAN interfaces.
Generally on WAN interfaces, local Ethernet link isn't an indication of connectivity, so pf has a pinger that constantly pings something on the other end of the WAN.
If it doesn't get anything back, then the WAN is considered down, which effectively will lead to the clear states action and the interface being marked as down.
-
@st6
I still don't understand. If you have port A in use (and port B waiting for redundancy), when port A fails it will kill the states of port A, but these are also all the states on the WAN, because port B was idle, waiting for port A to fail so it could step in and replace it. Am I explaining myself?
-
@silence Yes. The problem is not if port A fails; it is if port B, which is the redundancy, fails. If the redundancy link fails, it will kill all states, even those of port A, which is working well. Am I misunderstanding the feature?
-
@st6 pfSense is a multi-WAN device.
There is no reason to kill all states in all WAN connections because one failed. It serves no practical purpose and breaks working connections.
And yes, even in failover situations you still want to know if the failover port is working in case you need it.
-
@st6, I understand, this should not be possible! But if it really happens to you, I want you to stand guard and send your firewall logs to be able to find the cause of the problem, please.
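
The difference the thread turns on, flushing every state on any gateway failure versus removing only the states routed through the failed gateway, shown as a small Python model. This is an added example, not from any poster and not pfSense code; the group and gateway names mirror the first post, while the addresses, function names and state fields are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed model of the first post's setup: gateway -> tier, per group.
GROUPS = {
    "GroupA": {"GW_A": 1, "GW_B": 2},
    "GroupB": {"GW_A": 2, "GW_B": 1},
}

@dataclass(frozen=True)
class State:
    src: str
    dst: str
    gateway: str  # gateway the connection was routed through when created

def pick_gateway(group, up):
    """Lowest-tier member that is still up (the "Member Down" trigger), or None."""
    members = [(tier, gw) for gw, tier in GROUPS[group].items() if gw in up]
    return min(members)[1] if members else None

def open_state(table, group, up, src, dst):
    gw = pick_gateway(group, up)
    if gw is None:
        raise RuntimeError(f"no gateway up in {group}")
    table.append(State(src, dst, gw))
    return table[-1]

def kill_all(table, failed_gw):
    """Flush every state, whichever gateway failed."""
    return []

def kill_for_gateway(table, failed_gw):
    """Drop only the states that were routed through the failed gateway."""
    return [s for s in table if s.gateway != failed_gw]

def simulate(policy, failed_gw):
    up, table = {"GW_A", "GW_B"}, []
    # Constructed sample flows: one policy-routed via each group.
    open_state(table, "GroupA", up, "10.0.0.10:50000", "198.51.100.5:443")
    open_state(table, "GroupB", up, "10.0.0.20:50001", "203.0.113.9:443")
    up.discard(failed_gw)               # the monitor marks the gateway down
    table = policy(table, failed_gw)    # state handling on failure
    # A new GroupA connection is routed via whichever member is still up.
    new = open_state(table, "GroupA", up, "10.0.0.10:50002", "198.51.100.5:443")
    return table, new.gateway

if __name__ == "__main__":
    for policy in (kill_all, kill_for_gateway):
        table, gw = simulate(policy, "GW_B")
        print(policy.__name__, [(s.src, s.gateway) for s in table], "new via", gw)
```

With `GW_B` failing, the flush-all policy also drops the established flow through `GW_A`, while the per-gateway policy leaves it in the table.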