WAN Failover problems on pfSense 2.0

  • Hi all,
    I have a problem setting up WAN fail over on pfSense 2.0.
    The pfSense box is connected to 2 ISP modems (different ISPs) one is PPPOE and one uses DHCP.
    After setting up the fail over group, the firewall rules, and everything else that is stated in the docs the fail over will not function correctly.
    When I disconnect one line, the backup line will not work and the box loses connection.
    In the Status -> Gateways -> Groups tab I can clearly see that one on the WAN's in the fail over group is down.
    The firewall rules are set to use the fail over group as the gateway. The monitor IP's I use are google dns servers.
    The Tier in the group are set to 1 & 2 (for fail over and not load balancing).
    What am I missing ?  ???
    I would appreciate some help.

  • @http://doc.pfsense.org/index.php/Multi-WAN_2.0:


    * Check gateway status on the Dashboard widget or Status > Gateways
       * If failures are triggered too often, check quality graphs and adjust a gateway's packet loss and/or latency thresholds.
       * If local or VPN traffic fails, ensure you have policy route negation rules. These are automatic for static route networks and IPsec but not for OpenVPN or some other types.
       * If traffic always uses the default gateway instead of WAN, check your rules to make sure it's actually hitting a rule with a gateway defined.

    Can you view screenshot of your lan rules and change monitor ip's temporary to ISP's dns servers?

  • I did check all these, nothing helps.
    Do you want me to post a screenshot of my firewall rules?

    i attached the firewall rules screenshot.

  • Have you changed monitor ip's? Rules looks ok, atleast to me

  • @Metu69salemi:

    Have you changed monitor ip's? Rules looks ok, atleast to me

    I tried several monitor IPs, it didn't make any difference…
    The thing is that pfSense does see that one of the WANs is down, but it does not bring the second WAN up.

    *Just to make things clear, this is a line from the pfSense manual regarding Multi WAN:
    "When a firewall rule directs traffic into the gateway, it bypasses the firewall's normal routing table."
    My problem is that this does not happen, instead pfSense is using the regular routing table.

  • Uninstall squid and try again. If it works then search the forum for Multi-WAN and squid.

  • what happens if you change source from any to lan6 subnet?

  • @Metu69salemi:

    what happens if you change source from any to lan6 subnet?

    That won't change anything.

  • Couple things to check:

    1. Make sure you have at least one DNS server per WAN under System>General Setup if you're using the DNS forwarder (default out of the box config you are). Validate whether it's just DNS that's failing (you can't resolve names, but can ping things like, or IP connectivity fails. I suspect just the former because your DNS config isn't valid for multi-WAN. In general, I would not allow overriding your manually configured DNS servers with ISP-assigned ones when using multi-WAN.

    2. Check your gateways status under Status>Gateways and make sure a failure is being properly detected. If it's not, it's probably because you're doing something like using your modem's IP for your monitor IP and it never goes down when your connection goes down.

Log in to reply