Separate network using Virtual IP and alias
-
hi all,
since im new to pfsense i need some help on finishing some configurations. i have an office of 50 pc and 50 voip phones. im using the loadbalancing and failover (already configured). my questions is how i can separate the network so the VOIP phone use one GW1 and the PC use the other GW2?
thanks for the help !!
-
The firewall rules have a Gateway picker down in the Advanced section. Add an Allow rule that directs the VoIP phones' IP addresses or subnet to the specified gateway.
-
hi,
thanks for the reply. do i need to create alias for this ? can you be more specific ! :)
-
It makes it easy to maintain if you use Aliases. Make an Alias that contains all the IP addresses of the phones. Then use that as source in the firewall rule, destination any, in the advanced section select the gateway you want. Then do similar for the PCs…
-
thanks its working. i have one more question, by creating this rules the load-balancing and fail over will be affected??
thanks in advance !
-
If you want traffic from particular clients to go on a particular WAN then you don't want load-balancing - so yes, load-balancing is effected because you don't want it :)
If you want failover, so that the traffic usually goes out the WAN you specify, but fails over to some other WAN when the first is down, then make gateway groups for each failover combination you need, e.g.:
Gateway Group Failover1 - WAN1 Tier 1, WAN2 Tier 2 - traffic on WAN1 normally, then to WAN2 if WAN1 is down
Gateway Group Failover2 - WAN2 Tier 1, WAN1 Tier 2 - traffic on WAN2 normally, then to WAN1 if WAN2 is downThen use the required gateway group in your rules, instead of directly using WAN1 or WAN2 gateway.
-
the fail over i prefer to have it. how i can disable the loadbalancing?
-
Load Balancing is just a gateway group with all WANs on the same tier.
Make all gateway groups with WANs on different tiers, 1, 2… in priority order. Use those in your rules.
Then you can delete any Load Balancing "same tier" gateway groups. -
sorry for the late response but it's working now :))) thanks a lot !!
