Routing with two WANs using Priority
-
@Silence Hello! Is there a way to kill only the states related to the WAN that goes down?
Thanks !
-
@st6, What are you talking about?
Could you give me a scenario where this makes sense?
-
@silence Sure! I just want that, when Gateway A goes down, all states related to this gateway are killed. At the moment, the problem I'm seeing with killing all states when any gateway goes down is that it could kill the wrong states. For example, if Gateway B goes down, it will clear states from Gateway B and A, even though Gateway A is working fine.
-
@st6 Normally you shouldn't clear all states if one WAN goes down. Just the states of the connection that went down.
Otherwise you create unneeded outages. This is useful in very special cases.
-
@netblues Yes, you are right! Because of that, I would like to know if there is a feature like "System > Advanced > Miscellaneous > State Killing on Gateway Failure" that kills only the states from the failed gateway.
-
@st6 Well, in pfSense, the gateway action brings down the interface.
Some interfaces have "physical" means to "understand" failure, like link on LAN interfaces.
Generally on WAN interfaces, the local Ethernet link isn't an indication of connectivity, so pf has a pinger that constantly pings something on the other end of the WAN.
If it doesn't get anything back, then the WAN is considered down, which effectively will lead to the clear-states action and the interface being marked as down.
-
@st6
I still don't understand. If you have port A in use (and port B waiting for redundancy), when port A fails it will kill the states of port A, but that is also all the states on the WAN, because port B was idle, waiting for port A to fail so it could step in and replace it. Am I explaining myself?
-
@silence Yes. The problem is not when port A fails; it is when port B, which is the redundancy, fails. If the redundancy link fails, it will kill all states, even those of port A, which is working well. Am I misunderstanding the feature?
-
@st6 pfSense is a multi-WAN device.
There is no reason to kill all states in all WAN connections because one failed. It serves no practical purpose and breaks working connections.
And yes, even in failover situations you still want to know if the failover port is working in case you need it.
-
@st6, I understand, this should not be possible! But if it really happens to you, I want you to stand guard and send your firewall logs to be able to find the cause of the problem, please.