Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problems with Multi-Wan

    Scheduled Pinned Locked Moved Routing and Multi WAN
    3 Posts 3 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      andresense
      last edited by

      I'm having problems with the use of two Internet links set to tier 1 in "groups". It turns out that access a CRM system the company (SugarCRM), the user's session is terminated under 10s, and the system reports the following error: "Your session was terminated due to a significant change in your IP address.". Someone has gone through this problem and know how to solve?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        You have to setup a rule to do failover on traffic to those sorts of servers and not load balancing. That or try using Sticky (Sys > Adv, Misc)

        Most of the time you're better off doing failover for 443 and load balancing the other traffic.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • ?
          Guest
          last edited by

          It turns out that access a CRM system the company (SugarCRM), the user's session is terminated under 10s, and the system reports the following error: "Your session was terminated due to a significant change in your IP address.". Someone has gone through this problem and know how to solve?

          In normal or usually if this might be commercial based work, the network admin will
          create a VPN tunnel over IPSec, L2TP/IPSec or OpenVPN and the complete CRM data
          will go only through this VPN tunnel then, this might be better to targeting such a traffic.
          Perhaps this might be something also for you and the SugarCRM company?

          I'm having problems with the use of two Internet links set to tier 1 in "groups".

          With two Internet links you could do proper load balancing for well, but you must decide your
          self for one of the three main versions of load balancing to go with;

          • policy based routing (would be good for you)
          • session based routing (only good for servers)
          • service based routing (would be also matching your criteria)

          The source was shown in this older thread here:
          Here's what you need to do, under system -> Routing -> Gateway Groups

          1. Create a first group with description name "BALANCE", And set Tier 1 for both "wan's" and Trigger level to "latency or packet loss" [this for load balance]"

          2. Create a second group, description name "Wan1 Fail Wan2 Use"  and priority set wan1 to Tier1 and wan2 to Tier2, set "Trigger level" to member down.

          3. Create a third group, description name "Wan2 Fail Wan1 use" and priority set wan1 to Tier2 and Wan2 to Tier1, set "Trigger level" to member down.

          Now Coming Firewall Rules –> LAN, you need to create a three new rules,

          LIKE 1) BALANCE RULE
          Interfaces: Lan
          Protocol: ANY
          Source: LAN SUBNET
          Destination ports: ANY
          Gateway;BALANCE

          2) FAILOVER RULE 1
          Interfaces: Lan
          Protocol: ANY
          Source Address: ANY
          Destination ports: ANY
          Gateway;Wan1 Fail Wan2 Use

          3) FAILOVER RULE 2
          Interfaces: Lan
          Protocol: ANY
          Source Address: ANY
          Destination ports: ANY
          Gateway;Wan2 Fail Wan1 use

          Make sure to place them on top of the lan rules!
          This is more them enough for fail-overs.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.