I use "Firewall: Settings: Advanced: Skip rules" for this purpose. A rule forces traffic from specific clients into a gateway, unless the gateway is down.
Hi gilau,
in OPNsense you can find the same settings, but they are located somewhere different.
If you want to use a specific gateway for your rules you can do that:
Firewall > Rules > LAN (for example) > "+" > scroll down > change Gateway "default" to the Gateway you want to use
This will then allow traffic ONLY when the traffic is going to be sent through the gateway set there.
In terms of Failover Gateway, you can create a Failover Gateway with both of your ISP Connections and then use this "Failover Gateway" as a gateway in your rules instead.
Internal Traffic Firewall rules though (Traffic from a LAN to another subnet where your DNS Server resides) should use the "Default" setting in your Firewall rules.
Every Multi-WAN Setting which needs to be looked at or changed can be found here:
Firewall > Settings > Advanced > Gateway Monitoring and Multi-WAN
Quote:
In OPNsense should I set a new rule for DNS?
Sure, since your Subnets will need to talk to your DNS. If your corporate LAN has a DNS Server which can be used, you can make a rule with "default" gateway set, which allows UDP/TCP Traffic to this specific DNS Server IP using port 53. In case you don't have a valid DNS Server in your net, you can as well let OPNsense do all the DNS resolving via the Unbound or Dnsmasq DNS daemon. This would then mean that your rules must be changed to allow UDP/TCP Traffic with port 53 to the firewall Gateway IP address of this specific Subnet.
Failover Gateway configuration:
For failover gateways you can build them here:
System > Gateway > Group
You will then be able to select different tiers for your Gateways, where tier 1 means "best" and tier 2 means "2nd best" gateway to be used. The apinger daemon of OPNsense will then automatically change these gateways and monitor them for whether there are high latency, packet loss or member down events occurring.
For more and better explanation, please check out the following tutorial/how-to:
https://wiki.opnsense.org/manual/multiwan.html
best regards,
Oxy