07.01.2021

Asus Dual Wan Load Balance Problems

12
  1. Enable Dual Wan Asus
  2. Asus Dual Wan Load Balance Problems Pdf
  3. Asus Dual Wan Load Balance Problems Solving
  4. Asus Enable Load Balance

Important

I actually only need one to replace our old Asus RT-AC68U router which has Dual WAN + Load Balance / Failover feature with support for USB 3G/4G Modem. Since its DOS Protection and Firewall is not that good, I'm looking for a replacement Gigabit router that has those features too but hopefully much better. ASUS BRT-AC828 AC2600 - Dual WAN Test WAN1+WAN2 - PPPoE WAN1-Vla.

Asus dual wan load balance problems solving

Netgate is offering COVID-19 aid for pfSense software users, learn more.

Xfx radeon hd 6870 driver. This section describes some of the most common problems with multi-WANand how to troubleshoot them.

Verify Firewall Rule Configuration¶

The most common error when configuring multi-WAN is improper firewall rules.Remember, the first matching rule wins and any further rules are ignored. If apolicy routing rule is below the default LAN rule in the list, no traffic willever match that rule because it will match the default LAN rule first. ReviewPolicy Routing Configuration and verify the rules arecorrect.

If the rule ordering and configuration appears correct, it may help to enablelogging on the rules. See Troubleshooting Firewall Rules formore information. Ensure the appropriate policy routing rule is passing thetraffic.

Policy routing does not work for web traffic or all traffic¶

When a proxy package that can transparently capture HTTP traffic is used, suchas squid, it overrides any policy routes that are defined for client traffic onthat port. So no matter which gateway is set in firewall rules, traffic for HTTP(TCP port 80) will still go through squid and follow the firewall’s defaultroute.

Enable Dual Wan Asus

Failover not working¶

If problems occur when an Internet connection fails, typically it is because themonitor IP address is still answering, so the firewall thinks the connection isstill available. Check Status > Gateways to verify. An IP address on themodem may be used as a monitor IP address, which will still be accessible evenif the Internet connection is down.

Load balancing not working¶

  • Check that the Gateway Group is properly configured for load balancing, withat least two gateways on the same tier.

  • Check that the firewall rules being matched direct traffic to the correct loadbalancing gateway group.

  • Check that all of the gateways in the group show as Online under Status >Gateways. Connections marked as Offline will not be used.

  • Check the testing methodology. Rather than testing with a web browser, trytesting with curl or similar utilities which do not retain session data.

  • Check that the traffic is not using a proxy or otherwise being initiated froma daemon on the firewall itself.

Asus Dual Wan Load Balance Problems Pdf

A gateway is incorrectly marked offline¶

Asus Dual Wan Load Balance Problems Solving

If a gateway is listed as offline, but the WAN is actually up, several thingscould be at fault:

  • First, test to see if the monitor IP address responds to a ping from a clientdevice on the LAN, and again from Diagnostics > Ping.

  • File exception error victoria 2. If the device with the monitor IP address or other intermediate hop drops ICMPecho request packets without a payload, manual pings would work but thegateway monitoring would fail. See Advanced Gateway Settings and set thepayload to a value of 1 or higher.

  • If the gateway or monitor IP address does not respond to ICMP echo requests,enter a different monitor IP address to use instead.

  • If the monitor IP address is configured as a DNS server for a different WAN,the static routes could be causing a conflict and the echo requests to thegateway may not be following the expected path. Set a non-conflicting monitorIP address on the gateway.

  • If there is an outbound NAT rule on the WAN with a Source of any, it cancause problems with traffic on the firewall, including monitoring traffic,because that will also NAT traffic from the firewall itself. This can beespecially problematic if the source address is changed to a CARP VIP. Fix theoutbound NAT.

If all else fails, it’s possible the circuit really is down, but the testingmethodology appears to show it up. Verify the Interface and Gateway settings andrun the test again, and try traceroute to make sure the traffic is leavingusing the expected path.

Problems

Ping works by IP address, but web browsing fails¶

Wan

In this case, the most likely cause is DNS. If the firewall DNS settings do notmatch those in Interface and DNS Configuration, clients maynot be able to resolve DNS when a WAN is down. Review the settings and fix anyproblems that are found.

Squid doesn’t seem to be using both connections¶

Squid and most other packages on the firewall itself do not understand loadbalancing; They will use only the WAN connection with the default gateway.

Dual

Asus Enable Load Balance

Check the Netgate Forum for package-specific alternate techniques.