
Topic: Gateway Group Priority Tier Ignored to Prefer Default Gateway

RichH
Gateway Group Priority Tier Ignored to Prefer Default Gateway
« on: February 08, 2018, 04:45:15 pm »
Using pfSense 2.4.2P1, I have set up 2 WANs and gateways, a LAN with NAT, a Gateway Group set to failover, and a floating firewall rule to point to the Gateway Group.  It all works great -- I can pull any WAN cable and it fails over beautifully to the other as it is supposed to (Trigger Level set to "Member down").

The Problem:  Tier is ignored.  The gateway set as default gets the priority no matter what the tier is set to. 

Anyone else see this issue?  Is this a bug, supposed to be this way, or have I missed some setup?

eth0=Wan1
eth1=Wan2
eth3=LAN
Gateway Group1=Gateway for eth0/Wan1 and eth1/Wan2
Floating Firewall Rule Gateway = Gateway Group1

Used these links in my setup:
https://doc.pfsense.org/index.php/Multi-WAN
https://doc.pfsense.org/index.php/Gateway_Settings
http://opensourceforu.com/2016/08/configuring-pfsense-dual-wan-failover-mode


RichH
Re: Gateway Group Priority Tier Ignored to Prefer Default Gateway
« Reply #1 on: February 08, 2018, 05:40:08 pm »
Got it to work.  Had to set the default gateway in the LAN firewall rules to the Gateway Group.  I had thought this was taken care of in the floating rules, but apparently not.  Will have to study the relationship of the floating rules to the normal firewall rules a bit more . . .

kpa
Re: Gateway Group Priority Tier Ignored to Prefer Default Gateway
« Reply #2 on: February 09, 2018, 07:32:51 am »
The gateway setting on the floating rules is ignored for outgoing traffic on the WANs (in fact for any interface when the direction of the traffic is out) so you have to tag that traffic for a specific gateway or gateway group with LAN rules when the traffic enters the firewall.
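
Added example, not part of the original thread and not pfSense's own code: a small audit of a configuration backup for the two conditions discussed above, a floating rule with direction out that carries a gateway, and a LAN pass rule with no gateway set. The `config.xml` element names (`<filter>/<rule>`, `<floating>`, `<direction>`, `<interface>`, `<gateway>`) are assumed from the usual pfSense backup layout, and the sample rules are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread. Element names are an
# assumption about the pfSense config.xml layout; check your own backup.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule>
      <type>pass</type><interface>wan,opt1</interface>
      <floating>yes</floating><direction>out</direction>
      <gateway>GatewayGroup1</gateway><descr>floating failover</descr>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface>
      <descr>Default allow LAN to any</descr>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface>
      <gateway>GatewayGroup1</gateway><descr>LAN via group</descr>
    </rule>
  </filter>
</pfsense>"""


def audit_policy_routing(config_xml, inside_ifs=("lan",)):
    """Return (issue, rule description) pairs for gateway settings that will
    not steer traffic into the gateway group as intended."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("type", "pass") != "pass" or rule.find("disabled") is not None:
            continue  # only enabled pass rules can policy-route traffic
        descr = rule.findtext("descr", "(no description)")
        gateway = (rule.findtext("gateway") or "").strip()
        floating = rule.find("floating") is not None
        direction = rule.findtext("direction", "any")
        interfaces = rule.findtext("interface", "").split(",")
        if floating and gateway and direction == "out":
            # Per the reply above: the gateway is ignored when direction is out.
            findings.append(("floating-out-gateway-ignored", descr))
        elif not floating and not gateway and set(interfaces) & set(inside_ifs):
            # No gateway on the rule where traffic enters: default gateway is used.
            findings.append(("lan-rule-uses-default-gateway", descr))
    return findings


if __name__ == "__main__":
    for issue, descr in audit_policy_routing(SAMPLE_CONFIG):
        print(f"{issue}: {descr}")
```
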

RichH
Re: Gateway Group Priority Tier Ignored to Prefer Default Gateway
« Reply #3 on: February 09, 2018, 10:15:46 am »
So it looks like step 3 in the opensource link above to create a floating rule is unnecessary?  Is there any reason to keep the floating rule?  Seems to work fine without it . . .

RichH
Re: Gateway Group Priority Tier Ignored to Prefer Default Gateway
« Reply #4 on: February 09, 2018, 10:32:04 am »
Found this had already been answered in "floating rules to switch gateway" here:
https://forum.pfsense.org/index.php?topic=139752.0