Giancarlo Razzolini wrote:
I did set up several gateways like this, but only on one firewall. With 2 firewalls, you have the additional complexity of ifstated not only checking if the wan link goes down, but you will have to take other things into account, like the migration of them. ifstated is a state machine. It will do exactly what it is told. There are some pitfalls, most of them regarding what must be done in the start of a state. Also, I recommend that you use SNMP for checking if the wan connection went down. Most people ping external sites to accomplish that, but I don't recommend this. The modem/router/etc. can provide accurate information about the link, using SNMP. I've been wanting to write a tutorial about using CARP+ifstated+pfsync+multi wan links. Didn't have time yet to do so. I can provide you some examples later, if you want.
I'll unfortunately have to ping for one wan connection since the router is the property of the ISP and they don't allow SNMP on it (though this seems to be an expensive Cisco piece of hardware that supports it).
I would be interested if you could provide me with details about the wan failover part (scripts, config files, ...).
Thanks