Multi-WAN failover with web ping or similar

Mister.Deeds · Nov 21, 2023, 9:18 AM

Dear all

We have a pfSense firewall with two WAN uplinks. One primary and one secondary. Both come from different providers. Both have a pre-attached router on which the pfSense WAN gateway address is located. We do not have access to these routers.

This looks as follows:

The problem is that the gateway address is always available, even if the Internet connection behind the provider's router fails. Since we operate the installation as active-passive, we always have to manually deactivate the primary WAN interface in the event of a failure so that the failover takes place.

Is it possible to define an IP from the Internet as a monitor?

I hope you understand what I mean :)

Many thanks and best regards

greenlight · Nov 21, 2023, 11:09 AM

@Mister-Deeds if you mean gateways monitor IPs, i am using dns adresses for it.

i have 3 uplink and my monitor IPs 1.1.1.1, 8.8.8.8, 8.8.4.4. If the gateways cannot reach these addresses, it means they are not working. You cannot write the pfsense address or the IP address of a device on the same network as the Monitor IP.

viragomann · Nov 21, 2023, 11:14 AM

@Mister-Deeds
pfSense uses the information from dpinger gateway monitoring to determine if a gateway is available. It just pings the gateways by default. But since these are your local ISP routers, they are responding even if the WAN line is dead.

So you have to go to the gateway settings (even possible with DHCP) and state a public monitoring IP. Then the gateway will only shown up as online if the public IP is really reachable.
You have to state different monitoring IPs for both gateways.

Mister.Deeds · Nov 21, 2023, 11:58 AM

Dear both

Thank you very much for your answers. This is exactly what I need. Now it works:

Have a nice day and best regards