Default gateway switching concern



  • What happens when I "allow default gateway switching" and then have a failover rule in my LAN rules? Are they not conflicting each other? I have two WANs.



  • What happens is, the default gateway gets switched when a WAN goes down…

    With "allow default gateway switching" disabled, the default gateway stays where it was.



  • @heper:

    What happens is, the default gateway gets switched when a WAN goes down…

    With "allow default gateway switching" disabled, the default gateway stays where it was.

    Lol, of course that's what it does. The one you said is written in the GUI itself.

    What I was asking is what happens when that option is enabled TOGETHER WITH a failover configuration?


  • Rebel Alliance

    Nothing happens…

    If I'm not wrong, if you don't enable "allow default gateway switching", when your WAN (that is configured as Default GW) goes down, all traffic that is not using the "policy routing" rule tries to go through the Default GW.



  • @ptt:

    Nothing happens…

    If I'm not wrong, if you don't enable "allow default gateway switching", when your WAN (that is configured as Default GW) goes down, all traffic that is not using the "policy routing" rule tries to go through the Default GW.

    Oh ok. So I think these two instances are redundant when set together? I mean you can just use allow default gateway switching alone and set all traffic to use the default gateway instead of setting up failover, right?


  • Rebel Alliance

    It is difficult for me to explain it; English is not my mother language.

    I'll try to explain with this example:

    Let's say you have 2 WANs & a LAN; WAN1 is your "Main" connection, WAN2 is your "Backup".

    If you have created the GW Group named "FOGW": WAN1 --> TIER1 & WAN2 --> TIER2

    and you have WAN1 as "default gateway"

    In your LAN rules you have only the "Anti-Lockout Rule" & "Default allow LAN to any rule" (just as they are when you install pfSense)

    • LAN net * * * * none

    If you have "allow default gateway switching", in normal conditions, all outbound traffic will go through the Default GW (WAN1 GW).
    When WAN1 goes down, the Default GW will be switched to the WAN2 GW and all your outbound traffic will go through the Default GW, which is now the WAN2 GW.

    But if you don't set "allow default gateway switching", when WAN1 goes down, the outbound traffic will try to go out through the Default GW (WAN1 GW) and you will lose your "internet".

    If you edit the "Default allow LAN to any rule" and set the GW to your FOGW:

    • LAN net * * * FOGW none

    If you don't set "allow default gateway switching", and WAN1 goes down, you will not lose your "internet" because now all outbound traffic will go through WAN2 and its GW.

    If you don't set "allow default gateway switching", the only one who will lose its "internet" connection will be the Firewall (you won't be able to install packages / check for updates).

    So, it is up to you how you implement / set it.
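
The cases walked through in the post above, as an added example that is not part of the original thread and is not pfSense code: a small model of which gateway carries LAN traffic and firewall-originated traffic when WAN1 is down. The gateway names `WAN1_GW` and `WAN2_GW` and all function names are assumptions; `FOGW` is the group from the post.

```python
"""Model of the egress choice described in the post (not pfSense code)."""

# Gateway group from the post: lower tier number = preferred.
FOGW = {"WAN1_GW": 1, "WAN2_GW": 2}       # gateway names are assumed
ALL_GATEWAYS = ["WAN1_GW", "WAN2_GW"]     # WAN1_GW is the configured default


def pick_from_group(group, up):
    """Policy routing: lowest tier whose gateway is currently up, else None."""
    alive = [gw for gw in group if gw in up]
    return min(alive, key=group.get) if alive else None


def default_gateway(up, switching, configured="WAN1_GW"):
    """Routing-table default: it moves only if switching is enabled."""
    if configured in up:
        return configured
    if switching:
        return next((gw for gw in ALL_GATEWAYS if gw in up), None)
    return configured   # stays pointed at the dead gateway


def egress(source, up, switching, rule_group=None):
    """Return the gateway that carries the traffic, or None if it is lost.

    source: "lan" (evaluated by the LAN rule) or "firewall" (the firewall
    itself, e.g. package installs and update checks; LAN rules do not apply).
    """
    if source == "lan" and rule_group is not None:
        return pick_from_group(rule_group, up)
    gw = default_gateway(up, switching)
    return gw if gw in up else None


def scenario_table(up):
    """All four option combinations for one link state."""
    rows = []
    for switching in (False, True):
        for group in (None, FOGW):
            rows.append((switching, group is not None,
                         egress("lan", up, switching, group),
                         egress("firewall", up, switching, group)))
    return rows


if __name__ == "__main__":
    print("switching  FOGW-rule  LAN-egress  firewall-egress   (WAN1 down)")
    for row in scenario_table(up={"WAN2_GW"}):
        print(*row, sep="\t")
```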



  • Thanks for the explanation, I think I understand it now :) So it's still better to enable both setups.

