OPNsense Forum » Archive » 23.7 Legacy Series » Group Gateway help
Topic: Group Gateway help (Read 867 times)
gman529 (Newbie, Posts: 4, Karma: 0)
Group Gateway help « on: October 27, 2023, 04:27:55 pm »
I am completely lost right now on how to get multi-WAN working with gateway groups. So here is my setup:
1) Multiple WANs - ATT and COMCAST
2) Multiple Gateway Groups
3) Primary Gateway group is member down
4) ATT is Tier 1 and COMCAST is Tier 5
5) All traffic goes out the COMCAST port for some reason rather than the ATT port
To my understanding everything should be going out the ATT since it's tier 1.
1) ATT Gateway priority is 246
2) COMCAST Gateway priority is 254.
Please tell me if I'm mis-reading that the Tiers are supposed to be where Tier 1 is primary and the other tiers are less important as you move down or did I mix that up?
iMx (Full Member, Posts: 202, Karma: 15)
Re: Group Gateway help « Reply #1 on: October 28, 2023, 12:11:44 pm »
I believe you are confusing 2 separate 'things':
- Gateway groups
- Default gateway and/or default gateway switching
Tiers - corresponds to Gateway groups
Priority - corresponds to default gateway/default gateway switching
For gateway groups, you need to have a firewall rule to match the traffic you want to use the gateway group, with the gateway set on the rule to the gateway group. The 'Tiers' will then be respected for the traffic that matches this rule.
Or, ignore gateway groups, leave your firewall rules on * gateway, then enable default gateway switching - with each gateway tagged as upstream and the appropriate priority - then, the priorities come into play.
If you use gateway groups, without default gateway switching, the default route on the firewall itself will never be changed.
Gateway groups apply only to the traffic that matches - with the gateway group set as the gateway on the rule that matches - on the firewall rules ingress to the port/interface that first matches. A * gateway on a rule, does not use a gateway group - it uses the default route on the firewall (priorities).
Use cases:
a) You want all traffic to fail over:
- Default Gateway switching, (not groups), enabled, is probably the best way forward
- Default Gateway candidates all/both tagged as upstream, appropriate priorities set for each gateway
- All firewall rules set to * gateway
b) You want to leave some traffic as only ever using 1 gateway and failover some devices only:
- Default gateway switching, disabled
- One gateway tagged as upstream, i.e. only 1 gateway is a default gateway candidate
- Add a specific rule, with the gateway set to the gateway group, of the traffic that you want to fail over. Perhaps a source group/alias of your computers, phones, etc
- Other devices, for example IoT, streaming boxes, with no gateway group set, still on * gateway, would lose internet access until the default route returns
b) Is probably more useful when bandwidth on the secondary WAN is limited, 4G for example.
« Last Edit: October 28, 2023, 12:27:13 pm by iMx »
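The two selection paths described in Reply #1, as an added example that is not part of the thread and not OPNsense code: a small Python model showing which gateway a rule's traffic leaves through in use cases a) and b) when the primary WAN goes down. The names `WAN_A`, `WAN_B` and `FAILOVER`, the priority and tier values, and the "lower value wins" ordering for both priority and tier are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Gateway:
    name: str
    priority: int      # assumed: lower value is preferred as default gateway
    upstream: bool     # tagged as a default gateway candidate
    online: bool = True

def default_route(gateways, switching):
    """Gateway used by rules left on '*': the firewall's own default route."""
    cands = sorted((g for g in gateways if g.upstream), key=lambda g: g.priority)
    if not switching:
        cands = cands[:1]          # without switching the default route never changes
    # None means no working default route, i.e. no internet for '*' traffic
    return next((g.name for g in cands if g.online), None)

def group_route(tiers, gateways):
    """tiers maps gateway name -> tier; assumed: lowest online tier wins."""
    online = {g.name for g in gateways if g.online}
    live = sorted((tier, name) for name, tier in tiers.items() if name in online)
    return live[0][1] if live else None

def egress(rule_gateway, groups, gateways, switching):
    """rule_gateway is '*' or the name of the gateway group set on the rule."""
    if rule_gateway == "*":
        return default_route(gateways, switching)   # priorities apply
    return group_route(groups[rule_gateway], gateways)  # tiers apply

def scenario(upstream_b, switching, a_online):
    """Constructed two-WAN setup; returns (egress of '*' rule, egress of group rule)."""
    gws = [Gateway("WAN_A", 10, True, a_online), Gateway("WAN_B", 20, upstream_b)]
    groups = {"FAILOVER": {"WAN_A": 1, "WAN_B": 2}}
    return (egress("*", groups, gws, switching),
            egress("FAILOVER", groups, gws, switching))

if __name__ == "__main__":
    print("a) WAN_A down:", scenario(upstream_b=True, switching=True, a_online=False))
    print("b) WAN_A down:", scenario(upstream_b=False, switching=False, a_online=False))
    print("b) all online:", scenario(upstream_b=False, switching=False, a_online=True))
```

In case b) with `WAN_A` down, the `*` rule has no route while the rule pointing at the gateway group still reaches `WAN_B`, which is the split behaviour the reply describes for IoT versus selected devices.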
franco (Administrator, Hero Member, Posts: 17661, Karma: 1611)
Re: Group Gateway help « Reply #2 on: October 28, 2023, 08:10:06 pm »
Appears we discussed the same here
https://www.reddit.com/r/opnsense/comments/17hup2d/gateway_groups_issue/