Problems with Multi-Wan



  • I'm having problems with the use of two Internet links set to tier 1 in "groups". It turns out that when accessing the company's CRM system (SugarCRM), the user's session is terminated in under 10s, and the system reports the following error: "Your session was terminated due to a significant change in your IP address.". Has anyone gone through this problem and knows how to solve it?


  • Rebel Alliance Developer Netgate

    You have to set up a rule to do failover on traffic to those sorts of servers and not load balancing. That, or try using Sticky (Sys > Adv, Misc)

    Most of the time you're better off doing failover for 443 and load balancing the other traffic.



  • It turns out that when accessing the company's CRM system (SugarCRM), the user's session is terminated in under 10s, and the system reports the following error: "Your session was terminated due to a significant change in your IP address.". Has anyone gone through this problem and knows how to solve it?

    Normally, if this is commercial work, the network admin will
    create a VPN tunnel over IPsec, L2TP/IPsec or OpenVPN, and all the CRM data
    will then go only through this VPN tunnel; this might be a better way of targeting such traffic.
    Perhaps this might also be something for you and the SugarCRM company?

    I'm having problems with the use of two Internet links set to tier 1 in "groups".

    With two Internet links you could do proper load balancing as well, but you must decide for
    yourself which of the three main versions of load balancing to go with:

    • policy based routing (would be good for you)
    • session based routing (only good for servers)
    • service based routing (would be also matching your criteria)

    The source was shown in this older thread here:
    Here's what you need to do, under system -> Routing -> Gateway Groups

    1. Create a first group with description name "BALANCE", and set Tier 1 for both "wan's" and Trigger level to "latency or packet loss" [this for load balance]

    2. Create a second group, description name "Wan1 Fail Wan2 Use" and priority set wan1 to Tier1 and wan2 to Tier2, set "Trigger level" to member down.

    3. Create a third group, description name "Wan2 Fail Wan1 use" and priority set wan1 to Tier2 and Wan2 to Tier1, set "Trigger level" to member down.

    Now, coming to Firewall Rules –> LAN, you need to create three new rules,

    LIKE 1) BALANCE RULE
    Interfaces: Lan
    Protocol: ANY
    Source: LAN SUBNET
    Destination ports: ANY
    Gateway: BALANCE

    2) FAILOVER RULE 1
    Interfaces: Lan
    Protocol: ANY
    Source Address: ANY
    Destination ports: ANY
    Gateway: Wan1 Fail Wan2 Use

    3) FAILOVER RULE 2
    Interfaces: Lan
    Protocol: ANY
    Source Address: ANY
    Destination ports: ANY
    Gateway: Wan2 Fail Wan1 use

    Make sure to place them on top of the lan rules!
    This is more than enough for fail-overs.
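
An added illustration, not part of any post in this thread and not pfSense code: a small Python model of first-match LAN rules and tiered gateway groups, showing why a load-balanced HTTPS session reaches the server from two source IPs and why a port 443 failover rule placed above the balance rule keeps it on one WAN. The rule tuples, function names and per-connection round-robin selection are assumptions made for the model.

```python
# Gateway groups as described in the thread: member -> tier (lower tier is preferred).
GROUPS = {
    "BALANCE": {"wan1": 1, "wan2": 1},
    "Wan1 Fail Wan2 Use": {"wan1": 1, "wan2": 2},
}

def pick_gateway(rules, dst_port, up, seq):
    """First matching rule wins; its group uses the lowest tier that has a live member."""
    for rule_port, group in rules:
        if rule_port is None or rule_port == dst_port:
            tiers = GROUPS[group]
            live = sorted(m for m in tiers if m in up)
            if not live:
                return None  # every member of the group is down
            best = min(tiers[m] for m in live)
            members = [m for m in live if tiers[m] == best]
            # Simplification (assumption): same-tier members alternate per connection.
            return members[seq % len(members)]
    return None  # no rule matched

def egress_for_session(rules, dst_port, up=("wan1", "wan2"), connections=6):
    """Gateways used by successive connections of one user session to one server."""
    return [pick_gateway(rules, dst_port, set(up), n) for n in range(connections)]

def source_ip_changes(path):
    """True when one session leaves through more than one WAN (server sees >1 client IP)."""
    return len(set(path)) > 1

# Constructed rule sets, top rule first; port None means "any".
BALANCE_FIRST = [(None, "BALANCE"), (None, "Wan1 Fail Wan2 Use")]
HTTPS_FAILOVER_FIRST = [(443, "Wan1 Fail Wan2 Use"), (None, "BALANCE")]

if __name__ == "__main__":
    for name, rules in [("balance first", BALANCE_FIRST),
                        ("443 failover first", HTTPS_FAILOVER_FIRST)]:
        for port in (443, 80):
            path = egress_for_session(rules, port)
            print(f"{name:20} port {port:3}: {path} ip_change={source_ip_changes(path)}")
    # With wan1 down the failover group moves HTTPS to wan2 and keeps it there.
    print("wan1 down, 443:", egress_for_session(HTTPS_FAILOVER_FIRST, 443, up=("wan2",)))
```

With an any/any balance rule on top, the failover rule below it is never reached, so HTTPS connections alternate between WANs; the second rule set pins port 443 to one WAN while other traffic stays balanced.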

