Successfully configured multi-wan f/o and want to WAN2 –> WAN1 when WAN1 online

  • Youtube Video

    This video tutorial helped me to successfully set up a multi-wan fail-over in our office.

    pfSense version: 2.0.3
    Primary WAN (WAN1) - cable
    Secondary WAN (WAN2) - Verizon broadband modem

    I have created 3 gateway groups.
    1 for load balancing (both set to Tier1)
    1 for fail over from WAN1 to WAN2 if member link down
    1 for fail over from WAN2 to WAN1 if member link down

    Then I added 3 firewall rules.
    1 for load balancing (chose the loadbalancing GW)
    1 for fail over from WAN1 to WAN2 (chose the WAN1–>WAN2 gateway)
    1 for fail over from WAN2 to WAN1 (chose the WAN2-->WAN1 gateway)

    It works like a charm.  If I unplug my cable modem (WAN1), it fails over to my vzw connection (WAN2) within approx. 10 seconds.  Now, what I want to do is modify this config so that as soon as WAN1 is back online fail over back to WAN1 from WAN2.  The reason for this is because the vzw broadband modem is our backup line and is much slower than cable so we don't want to use it unless we absolutely have to (i.e. cable is down).

    Based on the current configs, WAN2 --> WAN1 wouldn't happen unless WAN2 is down.  I thought about changing the WAN2-->WAN1 gw group's trigger level to another setting such as packet loss or high latency but I don't think that's going to work because I want to fail over back to WAN1 as soon as it becomes online again even when WAN2 is connected and within the defined packet loss and latency threshold settings.  I also thought about setting the weight of the WAN1 gateway to 5, which seems to be the max value, and leave the weight of WAN2 gateway as-is (which is 1) but then that would mean that some traffic would still go through WAN2, which is not what I want either.

    I think I'm struggling with the "if WAN1 is back online again then fail over from WAN2 to WAN1" part.  Any suggestion/idea would be greatly appreciated.

  • Hi,

    Is what you are asking for really needed?

    I would have thought that when WAN1 comes back online, traffic would meet your first firewall rule which is to load balance (and thus use WAN1 as per weighted preference).

    Or is it more complicated than that?


Log in to reply