Dual WAN failover with Firewalla Wi-Fi SD
-
I don't have my first FW yet (going for Gold Plus), but I intend to do the same, though more to ease the noise on various IoT and other devices when I'm going off a phone hotspot.
Beyond an exclusion and inclusion list of traffic when it's going off a hotspot, I'd love for it to be able to associate the failover when it happens to a custom set of QoS rules...
-
You can use "routes" https://help.firewalla.com/hc/en-us/articles/360061592433-Firewalla-Policy-Content-Based-Routing to route traffic to the primary WAN.
The QoS part, some of the quick basics, you can make things better even without distinguishing the output interface (WAN). See https://help.firewalla.com/hc/en-us/articles/360056976594-Firewalla-Feature-Smart-Queue
-
Firewalla, you stated "we are designing this part now. Will take your input".
Whatever you come up with, it appears to me that you need Multi-WAN routing functionality to handle 3 or more WANs and be more sophisticated than the current Dual-WAN settings of Failover and Load Balance. My suggestion is adding a new "Interface List" to your "Policy-based Routes" and a “fall-through to next route” setting to PBRs.
1. Each line in the "Interface List" is one or more interfaces. When there is more than one interface on a line in the Interface List, load balancing occurs (a percentage can be placed after each Interface). When none of the interfaces on a line are in service, the next line in the Interface List becomes active.
2. A “fall-through to next route” setting needs to be added to the definition of a PBR. When it is enabled and no interfaces in the Interface List are in service, the PBR is ignored as if it doesn't exist. Processing will then look for a less specific PBR which matches the priority list by scope: Device > Group > Network > Global (All devices). The default for fall-through is false to match current functionality of not looking for another PBR but instead dropping the outbound traffic.
Example #1: As many have posted, including myself, when you enable Dual-WAN Failover mode, then specify a Policy-based Route for some devices routing to WAN 2, you discover that "when secondary wan fails the routes don’t failover back to primary wan; the devices are stuck without internet". This is handled with a two-line Interface List with line 1 being "WAN2" and line 2 being "WAN1".
Example #2: Another post is to set up for 3 WANs with load balancing between WAN1 & WAN2, then failover to WAN3. This is handled with a two-line Interface List with line 1 being "WAN1, WAN2" and line 2 being "WAN3". Voila! https://help.firewalla.com/hc/en-us/community/posts/9679134318867-Multi-WAN-capabilities-load-balancing-plus-fail-over.
It also makes sense to replace the current Multi-WAN configuration with a Default Interface List. For those currently configured for Failover, the Default Interface List would become two lines, the first "WAN1" and the second "WAN2". For those currently configured for Load Balancing, the Default Interface List would become one line "WAN1, WAN2" with appropriate percentages.
I do hope you will solve the Multi-WAN issues which I and others have posted one way or another soon! FYI, I've provided prior input in https://help.firewalla.com/hc/en-us/community/posts/7652680908819-Need-Policy-based-Routing-to-handle-when-secondary-WAN-is-down. This new suggestion supersedes the old (hey, I'm still learning Firewalla as I wait for my Gold Plus). I'll cross post to that after Firewalla responds to this suggestion.
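The Interface List and fall-through proposal above, sketched as an added example (not part of the original post and not Firewalla's code). The `Route` class, the `resolve` function, spreading a down interface's share over the others on its line, and using the Default Interface List as the last resort are assumptions made for illustration.

```python
from dataclasses import dataclass

SCOPES = ("device", "group", "network", "global")  # most to least specific

@dataclass
class Route:
    scope: str
    interface_list: list        # ordered lines; each line maps interface -> percent
    fall_through: bool = False  # proposed default: drop rather than look further

def active_line(interface_list, up):
    """Shares for the first line with an in-service interface, else None."""
    for line in interface_list:
        live = {ifc: pct for ifc, pct in line.items() if ifc in up}
        if live:
            total = sum(live.values())
            # Assumption: a down interface's share is spread over the others.
            return {ifc: pct / total for ifc, pct in live.items()}
    return None

def resolve(routes, default_list, up):
    """routes: the PBRs already matching this traffic. Returns (action, shares)."""
    for route in sorted(routes, key=lambda r: SCOPES.index(r.scope)):
        shares = active_line(route.interface_list, up)
        if shares:
            return "forward", shares
        if not route.fall_through:
            return "drop", None      # fail closed: traffic never leaves on another WAN
    shares = active_line(default_list, up)
    return ("forward", shares) if shares else ("drop", None)

# Constructed sample data, following Examples #1 and #2 in the post.
DEFAULT = [{"WAN1": 60, "WAN2": 40}, {"WAN3": 100}]
PINNED = Route("device", [{"WAN2": 100}, {"WAN1": 100}])
STRICT = Route("device", [{"WAN2": 100}])
LENIENT = Route("device", [{"WAN2": 100}], fall_through=True)

if __name__ == "__main__":
    for name, routes, up in [
        ("example 1, WAN2 down", [PINNED], {"WAN1"}),
        ("example 2, WAN1+WAN2 down", [], {"WAN3"}),
        ("no fall-through, WAN2 down", [STRICT], {"WAN1"}),
        ("fall-through, WAN2 down", [LENIENT], {"WAN1", "WAN3"}),
    ]:
        print(name, "->", resolve(routes, DEFAULT, up))
```

Leaving `fall_through` off keeps a pinned device from silently moving to a different uplink when its WAN goes down, at the cost of an outage for that device.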
-
The "Preferred Route" setting in FW version 1.975 implements the "fall-through to next route" functionality suggested above where "if the selected interface is not available, allow traffic through an alternate route." Preferred may be selected on a Route instead of the default "Static" setting on a route where "if the selected interface is not available, the traffic will be dropped".
This provides the required functionality to deal with Dual-WAN situations. A three or more WAN situation still needs additional functionality. For further discussion, see: