Dual Internet Failover Questions
-
Hello,
I have 2 internet connections coming into pfSense. The 2nd internet connection is a cell phone connection. I have 2 sets of computers on the network: 1. Mission Critical and 2. Non-Mission Critical.I have a Gateway Group set up for the mission critical computer network (using a separate subnet) that sets the primary internet connection to be that of the cell phone internet with the cable internet being the backup (due to how glitchy the cable connection is). The non-mission critical computers are set up to only use cable internet connection so as to not eat up the data from the cell phone connection.
For DNS, I have DNS using Open DNS that is not set to use any specific internet connection.
The issue I'm having is that when the glitchy cable internet connection drops out, EVERYTHING drops out including the mission critical computers that are routed using the gateway group using the cell phone connection as the primary. Not only that, on my internal LAN when the cable internet drops out, I cannot get my pfSense box to load. I'm not sure if it completely locks up, if it's a DNS issue, or what. I could live with that if I had to, if my mission critical computers were still running. But given that they dropped out too, I'm not sure what to do.
Can anyone suggest what I need to look at / do / check to ensure the mission critical stuff stays running?
-
@jonathank said in Dual Internet Failover Questions:
Not only that, on my internal LAN when the cable internet drops out, I cannot get my pfSense box to load. I'm not sure if it completely locks up, if it's a DNS issue, or what.
This behavior is at least not normal.
Do you access pfSense by the IP or the host name?
Can you ping it?
What's to see in the system log, when the issue occurs?
Do you monitor both connections?
What are the monitoring IPs? -
How is your DNS routing set up?
What is the pfSense default gateway set to?
-
@viragomann said in Dual Internet Failover Questions:
@jonathank said in Dual Internet Failover Questions:
Not only that, on my internal LAN when the cable internet drops out, I cannot get my pfSense box to load. I'm not sure if it completely locks up, if it's a DNS issue, or what.
This behavior is at least not normal.
Do you access pfSense by the IP or the host name?
Can you ping it?
What's to see in the system log, when the issue occurs?
Do you monitor both connections?
What are the monitoring IPs?So the internet glitched again (I'm in an area recently affected by Hurricane). This time I was able to reach my pfSense box. But this is at least the 2nd time this happened where when the internet glitched I couldn't reach pfSense. I'm using IP address.
What should I be looking for in the system log?
I'm not sure what you mean by monitoring both connections.
-
@viragomann said in Dual Internet Failover Questions:
@jonathank said in Dual Internet Failover Questions:
Not only that, on my internal LAN when the cable internet drops out, I cannot get my pfSense box to load. I'm not sure if it completely locks up, if it's a DNS issue, or what.
This behavior is at least not normal.
Do you access pfSense by the IP or the host name?
Can you ping it?
What's to see in the system log, when the issue occurs?
Do you monitor both connections?
What are the monitoring IPs?Primary internet dropped out again. I had been able to reach pfSense but it suddenly stopped responding. I tried pinging the IP address and no reply either.
-
@jonathank said in Dual Internet Failover Questions:
@viragomann said in Dual Internet Failover Questions:
@jonathank said in Dual Internet Failover Questions:
Not only that, on my internal LAN when the cable internet drops out, I cannot get my pfSense box to load. I'm not sure if it completely locks up, if it's a DNS issue, or what.
This behavior is at least not normal.
Do you access pfSense by the IP or the host name?
Can you ping it?
What's to see in the system log, when the issue occurs?
Do you monitor both connections?
What are the monitoring IPs?Primary internet dropped out again. I had been able to reach pfSense but it suddenly stopped responding. I tried pinging the IP address and no reply either.
Nevermind the part about pfSense not being able to connect. I now see my laptop swtiched over to the cell phone connection's wifi. So that's probably why I couldn't reach pfSense.
If you do have any suggestions as to what to check to see why the mission critical network stops during an primary outage I would appreciate it
-
@stephenw10
Default gateway is the cable internet gateway? Should that be automatic?(My fear with automatic is that the latency on the cell connection is much worse than the cable connection. So I don't want it trying to use the cell data for the non-mission critical side of the network)
-
It should probably be a failover group. Otherwise pfSense itself has no route when the cable goes down and that might include DNS queries.
-
Note, that you can create multiple failover groups and use them for different purposes.
E.g.
GWGr1: WAN1 = Tier 1, WAN2 = Tier 2
GWGr2: WAN1 = Tier 2, WAN2 = Tier 1