NAT issue using 2 WANs



  • Hi guys

    I currently use 2 WAN ISP providers, due to the fact that I cannot rely on a single ISP provider, as they cannot guarantee a 100% uptime connection.

    So OK, first things first: I have configured the 2 WAN ports, with both modems from the ISPs configured in bridge mode, and pfSense does all the authentication.

    But this is where the problems start.

    One ISP is configured as active whilst the other is disabled. When the ISP's connection fails, I disable the link port on pfSense and activate the second ISP port. The problem is the NAT firewall ports: they are all set up on the first link configured, so I have to go into all the ports open on the firewall and change the settings to open the ports on the newly configured WAN link.

    My question is: is there an automatic way of doing this? For example, once I bring the second WAN port up, it saves all the new WAN settings (interface name, etc.) automatically in the system, so all port forwards etc. become active straight away on the second WAN port name and link as well?

    My dynamic DynDNS works automatically once the new IP from the new WAN gets picked up by the system; it automatically logs in to DynDNS and No-IP and updates the new IP address. But I still have the issue with the NAT ports on the firewall: they all stay blocked, so I have to go manually to each port (about 25 different ports) and replace the WAN name and a few more settings to link the port to the new WAN interface.

    Any ideas, tips or hints will be welcome. I am using the latest pfSense version, 2.1.5.

    Cheers guys



  • I'm not sure if this is the most efficient way of setting it up. On my multi-WAN setup, I create the failover groups described in the documentation. For NAT, I created each rule twice: one with a destination of the first WAN interface, and then again for the other. Leave them all active. You will need to configure the monitor for each interface that works best with your connections. Make sure you change any outbound rules to use the gateway group you set up for failover, especially your default rule. When one interface goes down, all traffic will go out the other interface. Using Dynamic DNS will cause some downtime until the new IP is propagated. But once DNS is updated with the current IP, all inbound NAT will work automatically.
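
With about 25 forwards duplicated by hand across two WANs, it is easy to miss one. The following is an added example, not part of either post: a Python check that reads the `<nat>` section of a configuration backup and lists forwards that exist on only one WAN. The sample XML is constructed, and the element names and the `wan`/`opt1` interface names are assumptions modelled on a pfSense `config.xml`; adjust them to match your own backup.

```python
import xml.etree.ElementTree as ET

# Constructed sample; layout assumed to follow the <nat> section of a pfSense
# config.xml backup. "opt1" is an assumed name for the second WAN interface.
SAMPLE = """<pfsense><nat>
  <rule><interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>443</port></destination>
    <target>192.168.1.10</target><local-port>443</local-port></rule>
  <rule><interface>opt1</interface><protocol>tcp</protocol>
    <destination><network>opt1ip</network><port>443</port></destination>
    <target>192.168.1.10</target><local-port>443</local-port></rule>
  <rule><interface>wan</interface><protocol>tcp</protocol>
    <destination><network>wanip</network><port>25</port></destination>
    <target>192.168.1.20</target><local-port>25</local-port></rule>
</nat></pfsense>"""


def forward_key(rule):
    """Identify a forward by everything except the WAN it listens on."""
    return (rule.findtext("protocol", ""),
            rule.findtext("destination/port", ""),
            rule.findtext("target", ""),
            rule.findtext("local-port", ""))


def missing_mirrors(config_xml, wans=("wan", "opt1")):
    """Return sorted (interface, key) pairs for forwards absent on a WAN."""
    seen = {w: set() for w in wans}
    for rule in ET.fromstring(config_xml).iterfind("nat/rule"):
        iface = rule.findtext("interface", "")
        if iface in seen:  # ignore forwards on non-WAN interfaces
            seen[iface].add(forward_key(rule))
    every = set().union(*seen.values())
    return sorted((w, k) for w in wans for k in every - seen[w])


if __name__ == "__main__":
    for iface, (proto, port, target, lport) in missing_mirrors(SAMPLE):
        print(f"no forward on {iface}: {proto}/{port} -> {target}:{lport}")
```

Run it against an exported backup after adding or changing a forward; an empty result means every forward is present on both WANs.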

