About Tier in Failover

  • Guys,

    I have 3 links to set a failover. Which is the better way, about Tier:

    WAN1 - 20Mbps (default gateway)
    WAN2 - 4Mbps
    WAN3 - 2Mbps

    1, 2 and 3 or
    1, 2 and 2 or
    1, 1 and 1

    It's my first time in pfSense.

  • Netgate Administrator

    It depends how you want traffic to behave.
    If you set them all to the same tier level you will have outbound load balancing. If you have different tier levels traffic will always favour the lowest level. Traffic will use your tier1 WAN unless it goes down. This gives failover.


  stephenw10,

    thanks for replying!

    I made a drawning which shows my current topology:
    The ideia is forwarding the VLAN 3 and VLAN 4 to WAN3 (OPT1);
    the VLAN 1 and VLAN 2 to WAN2 (OPT2) and,
    the chiefs of each Office to WAN1 (WAN).

    …with failover to all.
    And, the gateway configuration, I'd set on DHCP Server -> Field Gateway for each VLAN.

    Is all of it possible?
    Is all of it possible?

  • Netgate Administrator


    And, the gateway configuration, I'd set on DHCP Server -> Field Gateway for each VLAN.


    You leave the gateway option empty in the DHCP server. This will give local clients the pfSense local interface as their gateway.
    You set the gateway for, load balance/failover/policy based, routing in the firewall rule on the local interface.

    So for example on the VLAN1 interface you set a rule to allow outbound traffic. Use source: VLAN1 subnet and set the gateway to 'your custom gateway'. Everything else set as any.
    Setup the gateway with WAN2 as tier 1 and WAN 1 and 3 as tier 2.
    Traffic from VLAN1 will then be routed via WAN2 unless it goes down when it will load balance between WAN 1 and WAN3.


  stephenw10,

    I think it's working now.
I did the Load Balance and it seems OK.
    I did the Load Balance and it seems OK.

    Doubt: it's necessary a rule to interface receive the pings request, isn't? Otherwise, the gateway status will appear offline.
    Well, I made a rule that allows them (pings). Because I had a problem when I took the ethernet cable away. The gateway was offline even the interface (OPTx) status online.

    Sorry the English…

