Asus Dual Wan Load Balance Problems

I have a dual WAN setup in a load balance configuration and have added some routing rules for my TV (Netflix etc.) to force it to constantly use only my Primary WAN (DSL connection). I have set all source IPs for the TV to use the Primary WAN, but it's still not the case. You can use dual WAN either in Load Balance or in Fail Over mode. If you use Load Balance mode then you can split your internet traffic between Primary and Secondary connections. You can set up your router so that a particular device in your LAN uses either primary or secondary.

  1. Note: The system will separate Internet sessions based on the load between the Primary WAN and Secondary WAN, instead of the overall bandwidth or overall data rate. How to set up Dual WAN? Enable Dual WAN. Choose your primary WAN and secondary WAN. The options are WAN, USB and Ethernet LAN. You can choose Fail Over or Load Balance.
  2. I have the TP-Link TL-R470T+ load balancer. I have configured WAN 1 with my ISP (Cable Onda) and WAN 2 with another ISP (Cable & Wireless). WAN 1: Dynamic IP. WAN 2: Dynamic IP. I have problems getting the TP-Link to recognize the Internet on WAN 2, which is by DHCP. When I remove the network cable and put it back in WAN 2 it detects the.

@Kevin_Z Yes, I just bought the Archer AX6000 instead. But I learned too late, just recently in this post I've made, that it had no DOS protection. It's really difficult knowing what software features most of TP-Link's products have because it constantly changes even for similar models. When I do research online, I find old reviews and articles that say differently, and when I buy the product, that is the time I actually get to use it and learn some things have changed.


I wish TP-Link did not remove the DOS Protection for their new Routers even with HomeCare, because it's one of the features that other popular consumer Routers seem to be missing. When I look at my old TP-Link Routers, they seem to have more powerful built-in features compared to the new models. But of course WPA3 and WiFi 6 are important too, although most cannot fully utilize them yet.

If there are direct DOS attacks, I'm not sure if HomeCare will be able to handle that since I think it mostly protects only from known Antiviruses and Malware? So there is now no basic zero-day attack protection for the new Routers.

I’ve been running pfSense in Dual WAN mode for more than a decade. Unfortunately, some sites lately are quite sensitive to a user session originating from multiple public IP addresses. The best description of the problem is from the official pfSense documentation:


Some websites store session information including the client IP address, and if a subsequent connection to that site is routed out a different WAN interface using a different public IP address, the website will not function properly. This is becoming more common with banks and other security-minded sites. The suggested means of working around this is to create a failover group and direct traffic destined to these sites to the failover group rather than a load balancing group. Alternately, perform failover for all HTTPS traffic.

The sticky connections feature of pf is intended to resolve this problem, but it has historically been problematic. It is safe to use, and should alleviate this, but there is also a downside to using the sticky option. When using sticky connections, an association is held between the client IP address and a given gateway, it is not based off of the destination. When the sticky connections option is enabled, any given client would not load balance its connections between multiple WANs, but it would be associated with whichever gateway it happened to use for its first connection. Once all of the client states have expired, the client may exit a different WAN for its next connection, resulting in a new gateway pairing.


After some testing and consideration let’s leave the sticky connections unchecked. As mentioned above they are problematic.

Another description of the problem here:

Some websites do not work properly if requests from the LAN are initiated from multiple public IP addresses. Hence load balancing is incompatible with these sites. Common examples are sites that maintain login sessions, most frequently online banking. This is most commonly observed with HTTPS sites so usually HTTPS should not be load balanced. Occasionally it is a problem with HTTP sites that maintain session, but this is rare.

For sites that do not function with load balancing, add firewall rules to not load balance traffic to these destinations or protocols.


To alleviate this issue, you can do the following:
Here are my two Gateways


Make two Gateway Groups


One for Load Balancing
Set both Gateways to Tier 1

One for Failover
Set Tier 1 for the first and Tier 2 for the second


Go to the LAN Rules


Set the default LAN rule to use the Load Balancing Gateway Group.

Add a new rule that will be valid only for HTTPS connections and set the Gateway to the Fail-over Gateway Group.

This way all HTTPS connections will pass through the first WAN until it goes down, and then fail over to the second. The alternative is to make a separate rule for each and every HTTPS site with issues. The rule will be very similar to the one for HTTPS; the difference is that the Destination address will be a single public IP. Doing so will load balance all other HTTPS connections that don’t have this problem.
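The effect of the two gateway groups and the extra HTTPS rule can be checked with a small model. This is an added example, not pfSense code or part of the original post: it is a simplified simulation of tiered gateway groups and first-match LAN rules, and the gateway names and documentation-range addresses are constructed.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional

@dataclass
class Gateway:
    name: str
    public_ip: str
    up: bool = True

class GatewayGroup:
    """Tiered group: only the lowest tier that still has a live gateway is used."""
    def __init__(self, tiers):
        self.tiers = tiers            # {tier number: [Gateway, ...]}
        self._next = count()          # round-robin position within a tier

    def pick(self):
        for tier in sorted(self.tiers):
            live = [g for g in self.tiers[tier] if g.up]
            if live:
                return live[next(self._next) % len(live)]
        raise RuntimeError("all gateways in the group are down")

@dataclass
class Rule:
    proto: str                 # "tcp", "udp" or "any"
    dst_port: Optional[int]    # None matches every port
    group: GatewayGroup

    def matches(self, proto, dst_port):
        return self.proto in ("any", proto) and self.dst_port in (None, dst_port)

def egress_ips(rules, proto, dst_port, connections=4):
    """Public source IP the remote site sees for each new connection (first match wins)."""
    seen = []
    for _ in range(connections):
        rule = next(r for r in rules if r.matches(proto, dst_port))
        seen.append(rule.group.pick().public_ip)
    return seen

# Constructed sample data: documentation-range addresses, hypothetical gateway names.
WAN1 = Gateway("WAN1_GW", "198.51.100.10")
WAN2 = Gateway("WAN2_GW", "203.0.113.20")
LOAD_BALANCE = GatewayGroup({1: [WAN1, WAN2]})    # both gateways Tier 1
FAILOVER = GatewayGroup({1: [WAN1], 2: [WAN2]})   # Tier 1, then Tier 2
DEFAULT_ONLY = [Rule("any", None, LOAD_BALANCE)]
# The HTTPS rule must sit above the default rule, because the first match decides.
WITH_HTTPS_RULE = [Rule("tcp", 443, FAILOVER)] + DEFAULT_ONLY

if __name__ == "__main__":
    print("default rule only :", egress_ips(DEFAULT_ONLY, "tcp", 443))
    print("with HTTPS rule   :", egress_ips(WITH_HTTPS_RULE, "tcp", 443))
    WAN1.up = False            # simulate the first WAN going down
    print("WAN1 down         :", egress_ips(WITH_HTTPS_RULE, "tcp", 443))
```

With only the default rule, one HTTPS session shows the site two different source addresses, which is the case that breaks IP-bound logins; with the HTTPS rule in front, the address stays constant until the Tier 1 gateway fails.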