Gateway Groups
-
I presume that with the new Gateway Groups, I add interfaces into a group, and then set the gateway for the traffic that I want to go over the group in the firewall rules.
Yes.
Do I need to set multiple gateways to "default" as well ?
No, only the one you want to be the default route. There can only be one default. Some changes related to that will be coming soon, for the time being check the one you consider your primary WAN.
-
Thanks!
my follow on question…
If Gateway groups are being used, do you "need" a default route ?
Cheers
-
If Gateway groups are being used, do you "need" a default route ?
Yes, you'll still want the firewall to be able to access the Internet, for NTP time sync, update checking, auto update, etc. It won't affect inside hosts if they all hit a rule with a gateway group, but does affect the firewall itself.
-
For fail-over, if wan1 fails, and later the link is re-established will all traffic move back to wan1 since it's gateway is set to "default"?
-
related question : if I have multi wan and the default route wan goes down does that stop pfsense being able to see the internet [ for its own purposes - e.g. update check etc… ] or will it fall back to the other defined gateways ???
in the 'future changes' will it be possible to define a wan group as teh default route ??
and will checking default on a gateway automatically uncheck default on the other gateways ??? -
related question : if I have multi wan and the default route wan goes down does that stop pfsense being able to see the internet [ for its own purposes - e.g. update check etc… ] or will it fall back to the other defined gateways ???
in the 'future changes' will it be possible to define a wan group as teh default route ??
and will checking default on a gateway automatically uncheck default on the other gateways ???I don't have either WAN or WAN2 marked as default and pfSense sees the Internet just fine (checks for updates, syncs time, etc).
-
I added two gateways in the gateway group and when one gateway went down, PFSense was still able to route traffic to the other gateway, so it seems that having seperate rules/groups for fail-over isn't necessary. At least under simple configurations.
-
I'm using 64 bit pfsense and am having difficulties. Fail over seems to work just fine, however all traffic seems to go through only one of the two gateways (Which ever is set to default). I have both gateways set for tier 1. I have a rule set up to allow all traffic to go through the gateway group. I even set up rules to try to force certain traffic to go through the inactive gateway. It didn't seem to help. Can anyone confirm working gateway load balancing? Do I need to setup manual outbound NAT rules?
-V
-
Can Gateway-Group work fine with PBR in last snap-version?
-
People, please stop hijacking threads. Do not post things in a thread that aren't addressing the original purpose/question of the thread. Start a new thread.