Netgate Discussion Forum

    Multi WAN and DNS Question

      alltime

      We finally set up our box for dual WAN fail-over. All seems to work; however, will the default gateway also switch during "member down"?

      Also, within System >> General Setup, our DNS servers are Google DNS, but connect using one of the WAN gateways. Does it make sense to create four entries to different gateways? For example:

      8.8.8.8 use Gateway 1
      8.8.4.4 use Gateway 1

      8.8.8.8 use Gateway 2
      8.8.4.4 use Gateway 2

        phil.davis

        For the default gateway to switch, enable System:Advanced:Miscellaneous "Enable default gateway switching". In a simple 2-WAN configuration it works, because the "other" possible gateway is only 1. In more complicated setups (3 or more WAN, other gateways with static routes to reach private places…) there is no way to tell it which gateway/s are allowed for switching so you cannot really control it.

        For DNS I put 1 DNS server to each WAN gateway. Not sure what will happen if you list a DNS server multiple times in General Setup.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          alltime

          Phil, thank you. That cleared things up quite a bit.

          I noticed the following within that setting:

          This is not enabled by default, as it's unnecessary in most all scenarios, which instead use gateway groups.

          I made the change anyway, because it makes sense. However, does having a gateway group override this setting then?

            phil.davis

            Traffic that matches rules with a gateway group specified will go out according to the gateway group tier level/s.
            Other traffic that matches pass rules with no gateway group specified goes to the ordinary routing table - and thus goes out the default gateway (unless to other directly-connected networks, static routes…).
            If all your "real" user traffic is matched by rules with gateway groups, then default gateway switching is mostly useful just for traffic from pfSense itself - when the default gateway is down it switches to another gateway and you can still download packages, do an upgrade...

              luckman212 LAYER 8

              In my experience you absolutely must enable the "Enable default gateway switching" option if you wish to receive email alerts from pfSense about Gateway failures. Unless I have missed something, policy rules are not applied to traffic coming from pfSense itself. So, even if you have routing groups set up, they will be ignored for SMTP alerts from the router and so if the primary GW goes down, you won't get an alert unless pfS can switch its default GW.
