[pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

2015-11-13 Thread David White
I have a unique scenario:

The higher ups require a multi-wan high availability setup, but assuming
both ISPs are working, some traffic is required to use 1 ISP and some
traffic is required to use the other.

I've read in some pfSense docs on how I can set up a high availability,
multi-wan setup, but those docs say nothing about segmenting the traffic.

My idea is to set up 2 VLANs, and route 1 VLAN out of 1 gateway and 1 VLAN
out the other, but configure them so that if 1 ISP or the other ISP goes
down, both VLANs will go out whichever ISP is working.

Is this possible?

-- 
David White
Founder & CEO

*Develop CENTS *
Computing, Equipping, Networking, Training & Supporting
Organizations Worldwide
http://developcents.com
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-13 Thread Vick Khera
On Thu, Nov 12, 2015 at 5:20 AM, Marco  wrote:

> > Setting up BIND 9 to manage a dynamic zone is not very difficult.
>
> Do I need an additional BIND instance besides the unbound that's
> already running on the pfSense box?
>

unbound != bind. I do not know anything about setting up dynamic zones in
unbound. I know how to do it in bind9.


Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

2015-11-13 Thread Chris L
On Nov 13, 2015, at 7:09 AM, David White  wrote:
> 
> I have a unique scenario:
> 
> The higher ups require a multi-wan high availability setup, but assuming
> both ISPs are working, some traffic is required to use 1 ISP and some
> traffic is required to use the other.
> 
> I've read in some pfSense docs on how I can setup a high availability,
> multi-wan setup, but those docs say nothing about segmenting the traffic.
> 
> My idea is to setup 2 VLANS, and route 1 VLAN out of 1 gateway and 1 VLAN
> out the other, but configure them so that if 1 ISP or the other ISP goes
> down, both VLANS will go out whichever ISP is working.
> 
> Is this possible?

Absolutely.  Look at Multi-WAN, Failover, and Policy Routing on the doc wiki.



Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

2015-11-13 Thread David Burgess
On Fri, Nov 13, 2015 at 8:09 AM, David White  wrote:

> I have a unique scenario: 


That sounds like a fairly standard use of multi-WAN, with vlan thrown in
for flavour. Did you look at this page? If so, do you have any specific
questions or problems with it?

https://doc.pfsense.org/index.php/Multi-WAN

db


Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

2015-11-13 Thread Chris Bagnall
On 13 Nov 2015, at 15:09, David White  wrote:
> I have a unique scenario:
> The higher ups require a multi-wan high availability setup, but assuming
> both ISPs are working, some traffic is required to use 1 ISP and some
> traffic is required to use the other.
> I've read in some pfSense docs on how I can setup a high availability,
> multi-wan setup, but those docs say nothing about segmenting the traffic.
> My idea is to setup 2 VLANS, and route 1 VLAN out of 1 gateway and 1 VLAN
> out the other, but configure them so that if 1 ISP or the other ISP goes
> down, both VLANS will go out whichever ISP is working.
> Is this possible?

Yes, it’s far from unique - most of our pfSense deployments are like this. The
joys of rural locations where one internet connection is neither fast nor
reliable enough.

In a nutshell, you’ll define two gateway groups, something like this:

WAN1Preferred
 - Tier 1: WAN1 Gateway
 - Tier 2: WAN2 Gateway

WAN2Preferred
 - Tier 1: WAN2 Gateway
 - Tier 2: WAN1 Gateway

Then on your VLAN rules pages, change the default (allow all outbound) rule to 
use the appropriate gateway group.

In most of our deployments we segment traffic by type rather than VLAN though, 
usually to force latency-critical traffic (like SIP) away from ‘bulk’ traffic 
(like web browsing).

> Founder & CEO

Yet there are still ‘higher ups’? :-)

Kind regards,

Chris
-- 
C.M. Bagnall
This email is made from 100% recycled electrons
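
Added example, not part of the original message and not pfSense code: a small Python model of the two gateway groups described above that checks, for every WAN up/down combination, that the VLANs stay segmented while both ISPs work and fail over when one is down. The VLAN names and the rule-to-group mapping are assumptions, and the model assumes a group uses its lowest-numbered tier that has an online gateway.

```python
from itertools import product

# Gateway groups as laid out in the message: tier number -> gateways in that tier.
GATEWAY_GROUPS = {
    "WAN1Preferred": {1: ["WAN1"], 2: ["WAN2"]},
    "WAN2Preferred": {1: ["WAN2"], 2: ["WAN1"]},
}

# Assumed mapping (hypothetical VLAN names): the gateway group set on each
# VLAN's default allow-all-outbound rule.
VLAN_RULES = {"VLAN10": "WAN1Preferred", "VLAN20": "WAN2Preferred"}


def egress(tiers, online):
    """Return the gateways of the lowest-numbered tier with an online member."""
    for tier in sorted(tiers):
        up = [gw for gw in tiers[tier] if gw in online]
        if up:
            return up
    return []  # model simplification: all tiers down means no egress


def audit(vlan_rules=VLAN_RULES, groups=GATEWAY_GROUPS, wans=("WAN1", "WAN2")):
    """Evaluate every WAN up/down combination and collect policy violations."""
    table, findings = {}, []
    for states in product([True, False], repeat=len(wans)):
        online = {w for w, s in zip(wans, states) if s}
        paths = {v: egress(groups[g], online) for v, g in vlan_rules.items()}
        table[frozenset(online)] = paths
        used = [tuple(p) for p in paths.values()]
        # Both ISPs up: each VLAN must leave through a different WAN.
        if len(online) == len(wans) and len(set(used)) != len(used):
            findings.append(("not segmented", sorted(online), paths))
        # At least one ISP up: no VLAN may be left without a gateway.
        if online and any(not p for p in paths.values()):
            findings.append(("no failover", sorted(online), paths))
    return table, findings


if __name__ == "__main__":
    table, findings = audit()
    for online, paths in table.items():
        print(sorted(online) or "all down", "->", paths)
    print("findings:", findings or "none")
```
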
