Source based routing during failover

  • Currently we have a 50Mb cable modem for our Internet connection. It is fairly reliable, but when it goes out we fail over to dual T1s (3Mb). This is obviously very painful by comparison, even with traffic shaping.

    We would like to add a DSL line for failover purposes, but only 6Mb is offered in our area. Would it be possible to configure pfSense in such a way that, if the 50Mb line goes down, subnet1 uses the DSL while subnet2 uses the T1s? This seems different to me than a gateway group.

    My first thought is to create a catch-all that directs traffic out the 50Mb connection, and then specify individual rules for specific subnets after that rule.  I believe that when a failure is detected, the gateway in question is removed.  Does this sound right?

    If not, is this possible at all and how could it be done?

  • Create two Gateway Groups

    50MB Tier 1
    DSL Tier 2

    50MB Tier 1
    T3 Tier 2

    Create two firewall rules:

    Source: Subnet A
    Gateway: Group1

    Source: Subnet B
    Gateway: Group2

    So by default, if your 50MB line is up, both subnets are using this Gateway.
    If your 50MB line is down, they both fail over to the Tier 2 gateway, which is different for the different subnets.

  • That would absolutely work - thanks!
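
A small Python model of the two gateway groups and two source-based rules described in the reply above, added here as an illustration. It is not pfSense code or configuration; the subnet addresses and function names are assumptions made for the example, and the gateway labels are the ones used in the reply.

```python
import ipaddress

# Gateway groups from the reply: gateway label -> tier (lower tier is preferred).
GROUPS = {
    "Group1": {"50MB": 1, "DSL": 2},
    "Group2": {"50MB": 1, "T3": 2},
}

# Source-based rules, evaluated top-down, first match wins.
# The subnet addresses are constructed for this example.
RULES = [
    (ipaddress.ip_network("192.168.10.0/24"), "Group1"),  # Subnet A
    (ipaddress.ip_network("192.168.20.0/24"), "Group2"),  # Subnet B
]


def active_gateways(group, up):
    """Return the members of the lowest-numbered tier that still has a gateway up."""
    members = GROUPS[group]
    live_tiers = sorted({tier for gw, tier in members.items() if gw in up})
    if not live_tiers:
        return []  # every member of the group is down
    best = live_tiers[0]
    return sorted(gw for gw, tier in members.items() if tier == best and gw in up)


def egress_for(src, up):
    """Resolve the gateway(s) a source address uses; None if no rule matches."""
    addr = ipaddress.ip_address(src)
    for net, group in RULES:
        if addr in net:
            return active_gateways(group, up)
    return None


if __name__ == "__main__":
    for up in ({"50MB", "DSL", "T3"}, {"DSL", "T3"}, {"T3"}):
        print(sorted(up), "A ->", egress_for("192.168.10.5", up),
              "B ->", egress_for("192.168.20.5", up))
```

The last case shows a gap worth checking when planning failover: with only one backup line left, the subnet whose group does not include that line has no gateway at all.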
