Source based routing during failover

caustic386 · Jul 6, 2012, 1:12 PM

Currently we have a 50Mb cable modem for our Internet connection. It is faily reliable, but when it goes out we failover to dual T1s (3Mb). This is obviously very painful by comparison, even with traffic shaping.

We would like to add a DSL line for failover purposes, but only 6Mb is offered in our area. Would it be possible to configure pfSense in such a way, that if the 50Mb line goes down, subnet1 uses the DSL while subnet2 uses the T1's? This seems different to me than a gateway group.

My first thought is to create a catch-all that directs traffic out the 50Mb connection, and then specify individual rules for specific subnets after that rule. I believe that when a failure is detected, the gateway in question is removed. Does this sound right?

If not, is this possible at all and how could it be done?

Nachtfalke · Jul 6, 2012, 1:20 PM

Create two Gateway Groups

Group1:
50MB Tier 1
DSL Tier 2

Group2
50MB Tier 1
T3 Tier 2

Create two firewall rules:

Rule1:
Source: Subnet A
Gateway: Group1

Rule2
Source: Subnet B
Gateway: Group2

So by default, if your 50MB line is up, both subnets are using this Gateway.
If your 50MB line is down - they both failover to the Tier 2 gateway - which is different for the different subnets.

caustic386 · Jul 6, 2012, 1:47 PM

That would absolutely work - thanks!