Netgate SG-1000 microFirewall

Author Topic: Static routes and multiwan  (Read 688 times)

0 Members and 1 Guest are viewing this topic.

Offline Pakken

  • Jr. Member
  • **
  • Posts: 45
  • Karma: +0/-0
    • View Profile
Static routes and multiwan
« on: May 26, 2015, 09:37:22 am »
I'm currently working with a multiwan (2 dsl and 1 high-speed wireless wan link with a /29 routed static ip class) pfsense setup.

Given the fact the 2 dsl links external ip's are dynamically assigned by my isp, I need to ensure that some traffic goes straight through the other gateway due to access lists based on external ip set on the remote endpoint.

That said, I'm used to work with Fortinet firewalls and, to achieve this, all you need to do is add a static route with the destination IP and the internal gateway you wish to pass traffic to.
All I could see so far is that this won't work with pfsense. Is PBR and perhaps an "apply instantly on hit" flag the only way to achieve this in Pfsense?

Thank you in advance


Offline heper

  • Hero Member
  • *****
  • Posts: 2729
  • Karma: +259/-12
    • View Profile
Re: Static routes and multiwan
« Reply #1 on: May 26, 2015, 09:54:32 am »
use firewall rules (that include policy based routing) to accomplish what you want:
https://doc.pfsense.org/index.php/What_is_policy_routing
https://doc.pfsense.org/index.php/Multi-WAN#Firewall_Rules

Offline Pakken

  • Jr. Member
  • **
  • Posts: 45
  • Karma: +0/-0
    • View Profile
Re: Static routes and multiwan
« Reply #2 on: May 26, 2015, 12:25:05 pm »
Thanks for the answer, but making it work wasn't even close to be a problem. My question was more related to: is PBR the only viable way to route traffic across multiple gateways in pfsense? Thank you!

Offline heper

  • Hero Member
  • *****
  • Posts: 2729
  • Karma: +259/-12
    • View Profile
Re: Static routes and multiwan
« Reply #3 on: May 26, 2015, 03:45:31 pm »
i guess you probably could use static routes aswell (the gateway monitor ip's are setup statically and work that way).
although I wouldn't know any scenario where you would prefer todo it that way .... the pbr system is there to make this stuff easy, and i see no reason not to use it.

have you found a downside to it that you wish to share?

Offline Pakken

  • Jr. Member
  • **
  • Posts: 45
  • Karma: +0/-0
    • View Profile
Re: Static routes and multiwan
« Reply #4 on: May 27, 2015, 03:21:50 am »
There are no downsides I guess, it's just pfsense behaviour that puts policy routing above static routing, which is the opposite on what happens in fortinet units for example.
It's just a matter of what you're used to :)

Thank you, have a nice day!