Messages - zartoz

#1
I have success!  I configured a LAN Interface rule for the specific Host, but specified the Destination as an Inverse of "LAN net" and then pointed to my LTE Gateway.  I did have to do 2 rules, both in and out rules for the Host with the specified gateway.
#2
I do have GW Monitoring on and LTE is live.  I can swap the Gateways in the failover with Tiering successfully but I cannot force a single host over one specific GW in the WAN Group.
#3
Just tried resetting State Table, had no effect.  As soon as I switch the Active Gateway interface, it flips over all states so I don't think it is sticking to established sticky states.  It seems like there may be no way to have a Host redirected to an alternate interface when Gateways are grouped.
#4
Yeah, I cannot get it to apply to the traffic.  Everything continues to apply the "Default allow LAN to any rule" to the traffic for the host that I specify in the Firewall Rule.  I did move it to the top of the Rules list and set it to Quick but it still doesn't match any traffic from that host to the rule that I created.

I did try to create a Floating Rule as well but that also wouldn't apply to the traffic.  I created a 2nd WAN Group with the LTE interface as Tier 1 and DSL as Tier 2 but that also wouldn't route over LTE.

If I change the Gateways Configuration to make the LTE Gateway as "Active" with Priority 1, it then will route all traffic over that interface.

Is it not possible to force route specific traffic over one interface with a Failover WAN Group configured?

#5
I have a wired DSL gateway and an LTE gateway in a WAN Group with Failover, all is working well.  DSL is Tier 1 and LTE is Tier 2.

Occasionally, I would like to direct a host over LTE.  Things like kids streaming or gaming updates can get noisy when working from home.

I have tried to create a Firewall Rule with a specific internal host IP on LAN interface and mapping it to the LTE Gateway but everything still routes over the DSL Gateway.

Any suggestions on how to accomplish this?  Thank you!
#6
Thank you so much!  This was a very helpful response and got me so much further this weekend.  Inspect was the key to what I was missing.
#7
Caveat up front, new to OPNsense.  Coming over from Untangle.

I have everything functional and started testing out cutting over but I am struggling with getting Firewall Logs to show the Source IP as my 10. internal network.  Everything is being shown as Pass with the rule "let out anything from firewall host itself (force gw)"

I do have a dual WAN setup with a Group.

All the entries show the Gateway Interface IP as the Source IP.  I have tried changing the Outbound NAT from Auto to Hybrid and Manual and back again with no change.  I know I am missing something simple.  I did install Zenarmor and that can report out the LAN IP traffic so at least I have some visibility there.

Happy to output anything or try anything that would help troubleshoot as I haven't fully cut over yet and am still testing.