4. Default gateway switching concern

Default gateway switching concern

  • K

    What happens when I "allow default gateway switching" and then have a failover rule in my LAN rules? Are they not conflicting each other? I have two WANs.

    0
  • H

    what happens is , the default gateway gets switched a wan goes down ….

    with "allow default gateway switching" disabled, the default gateway stays where it was

    0
  • K

    @heper:

    what happens is , the default gateway gets switched a wan goes down ….

    with "allow default gateway switching" disabled, the default gateway stays where it was

    Lol, of course that's what it does. The one you said is written in the GUI itself.

    What I was asking is what happens when that option is enabled TOGETHER WITH a failover configuration?

    0
  • Rebel Alliance

    Nothing happens…

    If im not wrong, if you dont enable  "allow default gateway switching", when your WAN (that is configured as Default GW) goes Down, all traffic that is not using the "policy routing" rule try to go trough the Default GW.

    0
  • K

    @ptt:

    Nothing happens…

    If im not wrong, if you dont enable  "allow default gateway switching", when your WAN (that is configured as Default GW) goes Down, all traffic that is not using the "policy routing" rule try to go trough the Default GW.

    Oh ok. So I think these two instances are redundant when set together? I mean you can just use allow default gateway switching alone and set all traffic to use the default gateway instead of setting up failover, right?

    0
  • Rebel Alliance

    Is dificult to me explain it, Eng. is not my mother lang.

    I try to explain with this example:

    Lets say, you have 2 WAN & LAN, WAN1 is your "Main" connection, WAN2 is your "Backup"

    If you have created the GW Group, named "FOGW"; WAN1–> TIER1 & WAN2--> TIER2

    and you have WAN1 as "default gateway"

    In you LAN rules you have only the "Anti-Lockout Rule" & "Default allow LAN to any rule"  ( just as they are when you install pfSense )

    • LAN net * * * * none

    If you have "allow default gateway switching", in normal condition, all outbound traffic will go trough the Default GW ( WAN1 GW )
    when WAN1 goes Down, the Default GW will be switched to WAN2 GW and all your outbound traffic will go trough the Deafult GW  taht now is the WAN2 GW.

    But if you dont set "allow default gateway switching", when WAN1 goes Down, the outbound traffic will try to go out trough the Default GW ( WAN1 GW) and you will loose your "internet ".

    If you edit the "Default allow LAN to any rule" and set the GW to your  FOGW

    • LAN net * * * FOGW none

    If you dont set "allow default gateway switching",  and WAN1 goes Down, you will not loose your "internet" because now all outbound traffic will go trough WAN2 and its GW.

    If you dont set "allow default gateway switching", the only one who will loose its "internet" connection will be the Firewall (you wont be able to install packages / check for updates)

    so, is up to you how you will implementing / setting it

    0
  • K

    Thanks for the explanation, I think I understand it now :) So it's still better to enable both setups.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy