How to use Multiple WAN on pfsense for Fail over and or Load Balancing

  • Published 29 Aug 2024

COMMENTS • 103

  • @LAWRENCESYSTEMS
    @LAWRENCESYSTEMS  1 year ago +5

    How To Setup pfsense Firewall Dual WAN and Gateway Policy Based Routing Rules
    ua-cam.com/video/HMWRCXSFVjU/v-deo.html
    SD Wan Video
    ua-cam.com/video/YjhEjWs8YzE/v-deo.html
    pfsense documentation
    docs.netgate.com/pfsense/en/latest/multiwan/index.html

    • @Paranoid_mp3
      @Paranoid_mp3 9 months ago

      you are a good man, thank you

    • @snakeat3r114
      @snakeat3r114 4 months ago

      Could you please make a video about Traffic Shaper with multiple WANs with different bandwidth? I have 2 internet connections, one is 40 mbit optic fibre and the other one is 90 mbit LTE.
      I want to use them for load balancing, but the issue is that whenever the LTE connection hits its limits, the loaded latency goes to like 400 ms. Unloaded is like 23 ms. When I set a traffic shaper and limit the connection speed to 70 mbits, the loaded latency is just 53 ms. But the issue is I cannot set this traffic shaper to be per interface; instead I have to use the limiters in the LAN firewall rules, which limits the whole connection in the load balancing LAN rule.
      I can't find a solution anywhere and I've been looking a lot. I thought I should be able to do it via the Traffic Shaper > By Interface, but nothing happens when I edit things there. What's going on? Please help!

  • @user-fl4pi2ut9c
    @user-fl4pi2ut9c 1 month ago +1

    That Firewall rule was all I did wrong... Thanks for the video, huge help!

  • @AndyJablonski
    @AndyJablonski 1 month ago

    Thank you! Couldn't get this to work before watching. I didn't know about the LAN FW rule part. Works like a charm now!

  • @urzu181
    @urzu181 1 year ago +19

    But also to be noted that if you have different subnets/VLANs that you need to access from your LAN side and you set the rule to use the gateway group for load balance/failover, you won't be able to access those other subnets/VLANs. For that you'll need to create separate rules on top of the gateway group rule to allow access from LAN Net/LAN Address to the other subnets/VLANs using the default gateway.

    • @shempasta
      @shempasta 1 year ago +2

      Had this problem. Why does this happen?

    • @SuperDydx
      @SuperDydx 1 year ago +8

      @shempasta because your one "allow any" rule on the LAN side forces traffic out the load balanced gateway group, which won't contain a route to your VLAN. You just need to change your one "allow any" rule to only be applicable for traffic which would be leaving your internal network, and create more rules to allow LAN to VLAN traffic.

    • @shempasta
      @shempasta 1 year ago +1

      @SuperDydx Thank you for elaborating!!

    • @Max-jv3yg
      @Max-jv3yg 7 months ago

      This is such an important comment and should have been vital to this video. The best/easiest fix for this is to create an RFC1918 alias, then create a rule ABOVE the gateway rule to send traffic to the default gateway. The pfsense Docs actually cover this in good detail; search Google for “pfsense bypass policy routing”.
      In addition to this, it’d be a good idea to block RFC1918 addresses from traversing the internet. Without the above rule in place, traffic destined to a local address (i.e. 192.168.1.x) will actually go out the WAN interface(s). Search Google for “Preventing RFC1918 Traffic from exiting a WAN interface”.
      Maybe Tom can create an updated video in 2024 to include these important details. Hope this helps.
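
The rule-ordering fix described in this thread, as an added example that is not part of the original comments or pfSense's own code: a small Python model of first-match evaluation on the LAN tab, showing why a single gateway-group rule sends LAN-to-VLAN traffic toward the WAN and how a gateway-less RFC1918 rule above it restores local routing. The gateway group name `LoadBalance`, the rule names and the sample addresses are constructed.

```python
import ipaddress

# RFC 1918 private ranges: the contents of the "RFC1918 alias" from the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]
GROUP = "LoadBalance"  # hypothetical gateway group name

def rule(name, dst, gateway=None, action="pass"):
    """One LAN-tab rule; gateway=None means 'follow the routing table'."""
    return {"name": name, "dst": dst, "gateway": gateway, "action": action}

def path(rules, dst_ip):
    """Return how a packet to dst_ip leaves: the first matching rule wins."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if any(ip in net for net in r["dst"]):
            if r["action"] != "pass":
                return "blocked"
            return f"policy-routed:{r['gateway']}" if r["gateway"] else "routing-table"
    return "blocked"  # nothing matched: implicit deny

def audit(rules):
    """List gateway rules that can still catch private destinations."""
    findings, covered = [], []
    for r in rules:
        if r["action"] == "pass" and r["gateway"]:
            exposed = [str(p) for p in RFC1918
                       if any(p.overlaps(d) for d in r["dst"])
                       and not any(p.subnet_of(c) for c in covered)]
            if exposed:
                findings.append((r["name"], exposed))
        covered.extend(r["dst"])  # later rules never see these destinations
    return findings

# Constructed rule sets: the single "allow any" rule, then the fixed ordering.
BEFORE = [rule("LAN to any via gateway group", ANY, gateway=GROUP)]
AFTER = [rule("LAN to RFC1918 via default routing", RFC1918),
         rule("LAN to any via gateway group", ANY, gateway=GROUP)]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        for dst in ("192.168.20.10", "203.0.113.5"):  # VLAN host, internet host
            print(label, dst, path(rules, dst))
        print(label, "audit:", audit(rules))
```

The audit is conservative: an earlier rule that covers only part of a private range does not count as covering it.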

  • @PowerUsr1
    @PowerUsr1 1 year ago +6

    Came back to this video as I had a client that needed failover. Just….really great stuff you have here Tom. Seriously. The Netgate docs are so good it just makes the whole thing easy. Makes me wonder why other vendors make networking much harder than it needs to be (Larger enterprises not counted).

  • @lifeasben643
    @lifeasben643 6 months ago

    This is great! I'm about to change ISPs, so it was good to review my pfSense again and make sure everything is still set up from the last time I changed.

  •  1 year ago

    I'm watching this for a second time, a lot simpler to set up when the video is not from the phone (as I had my primary ISP down when I found this guide). Thanks for a great tutorial. :)

  • @pransis
    @pransis 1 year ago +2

    Now this solves my issue with my load balancing issues. I just missed that gateway setting on the firewall rule.

  • @HansVledder
    @HansVledder 1 year ago +2

    Excellent video Tom! Tip: under System / Routing / Gateways (pfSense v2.6.0-RELEASE) you are provided the option to set the system wide default gateway(s). When selecting either a Failover or Load Balancing gateway group, either one of them is set system wide. No additional firewall rules needed.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago +3

      Nope, you still need the gateway rule for the LAN or the load balancing plan will not work, and while failover will work if you set that, it will force switch the gateways and disrupt connection when a failover member comes back online.

    • @HansVledder
      @HansVledder 1 year ago

      @LAWRENCESYSTEMS Thanks Tom, everything seemed to work fine, but I did not come across the situation you described. I'll do some more testing.

    • @HansVledder
      @HansVledder 1 year ago +6

      @LAWRENCESYSTEMS Tried it, you're spot on! Thanks Tom!

  • @MT-yo3mg
    @MT-yo3mg 1 year ago +2

    Gosh Tom, this video just cost me 30 mins... :-) (great video though, thanks!). Watching it got me creative and made me subscribe to a 2nd VPN provider, so I could group the 2 for failover functionalities for my guest LAN, so they could go out forced via the tunnels. After creating the OpenVPN client, all my local clients lost connectivity. Didn't get it at first, but then discovered their DHCP provided my OpenVPN client with a lease which overlapped with one of my local subnets. Bringing it down restored connectivity again! :-) Changing it on my end would mean a lot of work unfortunately, so I'll check out another VPN provider I guess :-) Just wanted to share; keep up the great work! Appreciate your videos a lot! Greetings from The Netherlands!

  • @jeanlaviolette3041
    @jeanlaviolette3041 11 months ago

    Thank you for the instructions -- I was having a hard time finding where you select the gateway group for an interface.

  • @fredbrunken502
    @fredbrunken502 1 year ago

    Love your videos about pfsense. In this case though, there is one very important piece of information that was overlooked. In the DNS setup, under System > General Setup, you need to assign one GW for each DNS you have. Otherwise you start having problems with DNS resolver.

  • @raymondfb
    @raymondfb 1 year ago +1

    Thank you for making this video, I always learn so much.

  • @rpsmith
    @rpsmith 1 year ago

    Great video! I really look forward to your videos especially the ones on pfSense! Thanks Tom!

  • @eddykurniawan9597
    @eddykurniawan9597 2 months ago

    looking great..thx dude for the tutor. easy simple

  • @BriSaCR-sy2rm
    @BriSaCR-sy2rm 1 year ago

    Thanks for your video, it was an incredible explanation. First, sorry for my English, I am a beginner, haha. OK, we have 2 WAN connections... the first service is 500Mb/500Mb and the second service is 200Mb/200Mb. We need to share 700Mb over a wireless connection using UAP-AC-PRO. How do we add both ISP services?

  • @oericsantosf1
    @oericsantosf1 1 year ago

    Thanks for this awesome video. I improved my concepts of load balance and failover a lot.

  • @Christos9
    @Christos9 1 year ago +2

    Awesome tutorial as always!

  • @jerryfaircloth
    @jerryfaircloth 1 year ago

    Great video Tom. One of the things some folks run into, though, is that as one of the paths starts to saturate, the gateway down detection will start to think the link is down and switch gateways erroneously. You can add some prioritization to fix that, but it would be best to use AQM like CODEL. And I am not sure if pfsense still has a bug using CODEL on dual WANs or not. I switched over to OPNsense about a year ago because of that. It still does not work perfectly with CODEL, but better than pfsense, at least in my case.

  • @cimechsupport7694
    @cimechsupport7694 1 year ago

    Hey Tom!
    Hopefully in the future you can also make a video of setting up OpenVPN with Multiple WAN :D

  • @malikgenius4u
    @malikgenius4u 5 months ago

    Sticky connection option was missing, as I did that years ago and forgot to configure it with my new setup... it affects lots of sites, especially the financial ones...

  • @speedup070605
    @speedup070605 1 year ago +1

    Thanks for your excellent video. I really love your video. I have one question though: would this work with 2 different ISPs, or does it need to have 2 IP addresses coming from the ISP?

  • @markolafploeg3265
    @markolafploeg3265 1 year ago

    Nice, needed this to finish my own test, thanks

  • @giovaninavarro
    @giovaninavarro 9 months ago

    Thank you!

  • @oleksandrlytvyn532
    @oleksandrlytvyn532 5 months ago

    Thanks

  • @---tr9qg
    @---tr9qg 1 year ago +2

    nice tutorial.... as usual

  • @psiiota6004
    @psiiota6004 1 year ago

    Great video Tom!

  • @spreenjeff
    @spreenjeff 5 months ago

    How do you force 1 LAN IP address to use a backup WAN, so it can be on that WAN, and the rest of the network uses the default WAN... or can you have a 2nd set of failover WANs that specific devices can use?

  • @LordDevi
    @LordDevi 1 year ago

    I would love content like this without the web admin. How do you set up load balanced WANs on Linux? I.e. not pfsense or other web admin.

  • @michaelmauer1385
    @michaelmauer1385 1 year ago

    thank you for this video!

  • @user-rm1co1qc3r
    @user-rm1co1qc3r 1 year ago

    hello, thank you very much for your videos, can you tell me about the pfsense + Ipsec + MultiWAN bundle, with the dynamic routing setup.🙂

  • @brunosolothurnmann9205
    @brunosolothurnmann9205 1 year ago +1

    Thank you. I successfully installed dual WAN on pfsense. It works fine, except for the VLANs. I can't use the Gateway Group for the LAN.
    I saw now what urzu181 wrote. As I'm not a professional, I was not able to extend the firewall rules so that it will work as expected.
    For each VLAN I created on LAN a rule for local traffic with the default gateway. As the last rule I use the gateway group loadbalance.
    I would appreciate it very much if you could let us know an example for VLANs.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago

      You need a load balance or failover rule for each VLAN

  • @coolspot18
    @coolspot18 1 year ago

    Anyone find that Sticky Connection does not work properly? Sticky Connection seems to ignore the timeout setting - I've set it as high as 600s but connections are still being bounced between connections.

  • @muhamadkhalaf6556
    @muhamadkhalaf6556 11 months ago

    This is an excellent tutorial, but when someone on the LAN is playing online, it will be balanced or assigned to one of the 2 WANs?

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  11 months ago

      Games generally don't allow for data to come from two different IP addresses.

  • @BlackOz_
    @BlackOz_ 1 year ago

    Great Video!

  • @derrysan
    @derrysan 1 year ago

    I have a noob question, which one is higher priority in terms of default gw rules:
    1. System>Routing>Gateways>Default gateway
    2. Firewall>Rules>LAN>Extra Options>Gateway

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago +3

      This one 2. Firewall>Rules>LAN>Extra Options>Gateway and always using that will be better.

  • @ASBineesh
    @ASBineesh 1 year ago

    Can I bond/load balance 5 WAN connections in pfsense?
    Or please suggest any other open source firewall available to do such a role

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago

      Load balance yes, SDWAN & Bonding is a more complex answer ua-cam.com/video/YjhEjWs8YzE/v-deo.html

  • @unmesh59
    @unmesh59 1 year ago

    My ISP is beginning to have outages more often and this video has me thinking I should get a hotspot with an Ethernet port from a mobile carrier and set it up as my failover WAN. I have several LANs, however, and I was wondering if there is a single setting to get all of them to use the failover gateway group or whether I have to do it for each of them individually.
    On a similar note, if the firewall for an interface has several rules, does the gateway have to be changed for every rule individually? (I suspect the answer is yes)

  • @cyberbud
    @cyberbud 1 year ago

    Thanks for the video. I have one problem: let's say I put my laptop on failover or load balance, then I cannot ping it from a device on another LAN or VLAN. When I change it back to default gateway, I can ping. Any ideas why it's happening?

  • @fit4dataction142
    @fit4dataction142 1 year ago

    @ Lawrence Systems
    I would love to see a tutorial of openvpn client configured with an openvpn access server using pfsense. Not sure if it’s even possible. The only tutorial I could find was on the pia site and that’s for the client only with no instructions of how to add in your own VPS openvpn access server.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago

      I don't understand your goal

    • @fit4dataction142
      @fit4dataction142 1 year ago

      Well first I have an isp that uses CGNAT so all incoming requests are blocked and I prefer flexibility to open any port number I want, to host a node on my local device let’s say a raspberry pi.

  • @IanGSully
    @IanGSully 1 year ago

    In the past, I have reinstalled pfSense on my system. And when I reinstalled this time. Now it won't let me upgrade the pfSense software and I reinstalled it several times not knowing why it won't work.

  • @GH-lq9fg
    @GH-lq9fg 1 year ago

    Hum, what if my certificate from Let's Encrypt is expecting a particular IP for it to be renewed? I am currently manually failing the interface, updating the cert and activating it again.

  • @PowerUsr1
    @PowerUsr1 1 year ago +1

    I need clarification when it comes to failover. If I have 2 upstreams, Tier 1 and Tier 2. Tier 1 fails and now Tier 2 is primary. Once Tier 1 is "fixed", does that bring Tier 1 back to primary again?
    My second question is, if my primary Tier 1 circuit goes down, can you make it so that if it does come back up again it is not used as primary? Maybe you want to bring it back in service during a maintenance window so as to not cause an outage

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago +1

      If Tier 1 is primary and Tier 1 fails, Tier 2 becomes primary. If you have the LAN Gateway rule, Tier 1 coming back does not disrupt users because it just offers a favored path, but does not force the use of that path.

    • @PowerUsr1
      @PowerUsr1 1 year ago

      @LAWRENCESYSTEMS does this assume my gateway group is set up for load balancing or for failover?

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago +1

      @PowerUsr1 works the same for both.

    • @PowerUsr1
      @PowerUsr1 1 year ago

      @LAWRENCESYSTEMS thank you sir.

  • @MegaJoGamer
    @MegaJoGamer 1 year ago

    how do you set this up if there will be an additional two switches after the pfsense? does this mean that my pc should have 4 NICs or could I use a splitter to transfer the connection from the pfsense to the two switches?

  • @BultiZ
    @BultiZ 1 year ago

    Been using this for years to both balance and failover all my connections I want out/in through VPN servers in pfsense 😎 seamless VPN access for everyone connected

  • @jasonanderson1341
    @jasonanderson1341 11 months ago

    How do you load balance with multiple VLANS already in place?

    • @Zeric1
      @Zeric1 11 months ago +1

      It's just like the video shows for LAN. You have two options, one can change the default gateway (System>Routing>Gateways>Default gateway) from WAN_DHCP to the balanced gateway group you created so it will apply to every LAN/VLAN that is using the default GW. The other option is to go into each VLAN and change the firewall rule that allows traffic to the internet (typically the last firewall rule for the LAN or VLAN in question) from the default gateway to the balanced gateway group. Note, it's an advanced option for the firewall rule so you will need to click the "Display Advanced" button first.

  • @raimundweiss
    @raimundweiss 10 months ago

    Great video. I have done the same, but in this configuration I have an internal webserver on interface LAN (port-forwarded 443) (with BookStack). If I set the firewall rule with the balance gateway, I can't reach the server. If I remove the gateway "balanced" in the advanced section, it works again. Anyone know the problem? Thanks.

  • @mikeofbosnia
    @mikeofbosnia 1 year ago

    I have two separate internet connections on my pc. One is from regular lan cable to router. Other is over mobile hotspot 4g internet connection. I wish to utilize both at the same time on my pc. Is that possible? Is there software on windows system that can support such use of two separate internet connections at the same time. My main issue is that I have better download speed on one of them, namely the Lan connection. While my upload speed is better of the 4g. I would be using lan internet for regular playing and connectivity, while I would be using 4g to upload my stream. However I am open for any suggestions you can give me. Thank you upfront for any useful comment you guys provide.

  • @JoATTech
    @JoATTech 1 year ago

    This is great. I hope it works with more than 2 connections.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago +1

      Yes it does

    • @JoATTech
      @JoATTech 1 year ago

      @LAWRENCESYSTEMS Great.
      Is it only pfsense+ that got this or ordinary pfsense too?
      I cannot figure out which netgate got more than 2 WAN ports :o

    • @GiorgioAresu
      @GiorgioAresu 1 year ago

      @JoATTech you can configure the interfaces however you want, they don't have to be physically marked as WAN or LAN

    • @JoATTech
      @JoATTech 1 year ago

      @GiorgioAresu Do you mean for any netgate device? If so this is good news.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago

      @JoATTech I did this on pfsense CE, not Plus, but both have it. Any logical port can be assigned WAN.

  • @horaciosilvaporras656
    @horaciosilvaporras656 1 year ago

    I have the FW with 2 different ISPs, and I have them in the load balancer. I can also configure an IPsec VPN on each ISP, but I need them to be switchable between each other in case either of the 2 ISPs goes down. How is that switchover configured?

  • @st4nh511
    @st4nh511 1 year ago

    I have a failover to WAN2 when WAN1 goes offline. But the default gateway changes to WAN2 but when WAN1 is restored it never goes back to WAN1 by itself.
    Does anyone know a fix?

    • @tamildesan837
      @tamildesan837 1 year ago

      Do you have wan2 to wan1 preferred rule created as well?

  • @DavidRBermudez
    @DavidRBermudez 1 year ago

    Can I use the OPT port as a WAN 2?

  • @mcury85
    @mcury85 1 year ago

    I prefer to do load balancer manually, each vlan uses a different gateway group and each has a tier1 and tier2 gateways.

  • @oren1031
    @oren1031 1 year ago

    Hi, thanks for the video. I was just setting up failover today but have funny issues: after wan1 is down (disconnected) and the line moves to wan2, then wan1 is live but the link is stuck on pending, and only after saving the wan1 setting (with no changes done) does the link get back to wan1 - wan1 is set as tier 1 and wan2 as tier 2, also the weight of wan2 is set to 2....

    • @derrysan
      @derrysan 1 year ago

      What appliance do you have? I also have the same situation on my Netgate 1100, but it simply doesn't happen on my other Netgate 6100; on the 6100 everything works flawlessly.

  • @devinself2104
    @devinself2104 1 year ago

    Any instantaneous failover options?

  • @gemarmenabung592
    @gemarmenabung592 1 year ago

    What if we have 2 or more ISPs with different BW speeds, like the 1st one 100Mbps and another one 50Mbps? Is there any percentage to configure which port would be set higher? Ex: wan1: 65%, wan2: 35%
    Thanks

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago

      I covered that in the video, it's called "Unequal Cost Load Balancing" docs.netgate.com/pfsense/en/latest/multiwan/strategies.html#multiwan-unequal-cost

  • @RamaOlama
    @RamaOlama 1 year ago

    You could make a video about HA pf/opn sense.
    But with 2 different hardware boxes, or a physical and a virtual instance.
    Dual-WAN in pf/opnsense is something that everyone already knows, and there are 200 videos about it and 1000 Google results including official documentation.
    About HA on different hardware connecting to one PPPoE connection (active/passive), since you can log on to PPPoE with only one box and not both at the same time.
    That sort of video doesn't exist.
    Cheers

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago +1

      It's not a great idea and probably wouldn't work well.

    • @RamaOlama
      @RamaOlama 1 year ago

      @LAWRENCESYSTEMS luckily I have 2 Proxmox nodes here.
      If one node goes down, I still have internet access because the VM on the other node goes up.
      Luckily I have my OPNsenses virtualized, and Proxmox has a nice way to realize such things with scripts.
      The thing is, I need to reboot my nodes because of updates/BIOS updates etc. Once I wasn't at home and family caused a short with a mixer.
      The server turned off, the other server started the OPNsense instance and they still had internet till I returned.
      Such cases happen quite often in every home.
      And I have already seen an HA discussion about PPPoE failover, there is even a plugin for it.
      So HA failover looks like a more reliable way to me.
      Different hardware is no problem either, since you can explicitly select what you want to sync, it's just not very granular.
      And I see nothing that speaks against it.
      Just didn't have time to realize it myself.
      I mean, if you don't want to make a video about that, that's absolutely your free will, I'm just saying that such videos, which everyone on the planet already knows, make no sense to produce.
      Additionally to that, almost no home user has 2 internet connections.
      That's only something for some businesses, but I doubt that any of those watch your channel. They usually have a contract anyway with an IT company that supports them.
      So dunno actually who you even want to reach.
      Cheers

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  1 year ago +1

      @RamaOlama We booked about 500 paid consulting calls this year from business and IT professionals that watch my channel, and mismatched hardware (including virtualized) for HA can be troublesome.

    • @RamaOlama
      @RamaOlama 1 year ago

      @LAWRENCESYSTEMS okay, I mean I'm not impressed with HA on opn/pfsense either.
      Thanks for replying, see you next time😘