WAN load-balancing source/destination group support

Currently (1.4), you cannot use address or network groups in wan load balancing rules. It would be nice if this could be added.

Examples:
set load-balancing wan rule 10 source group address-group 'SomeAddrGroup'
set load-balancing wan rule 10 source group network-group 'SomeNetGroup'
set load-balancing wan rule 10 destination group address-group 'SomeAddrGroup'
set load-balancing wan rule 10 destination group network-group 'SomeNetGroup'

This is almost impossible due to the old backend for load balancing.

Fair enough, I'm not a huge fan of the current load-balancing implementation anyway when used purely for failover. I have an idea for a simpler way forward for such scenarios.

In my use case I only require a failover (4G) to be used only when the primary connection fails. I am wondering if the new static route path monitoring could be extended to allow for a more bare-bones failover solution. This would require the addition of automatically grabbing the next hop from various interfaces (via DHCP, PPPoE, etc.).

Example:
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description Primary

set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth1 description Secondary

set interfaces ethernet eth2 address 192.168.0.1/24
set interfaces ethernet eth2 description LAN

set firewall group network-group LAN network 192.168.0.0/24

set protocols failover route 0.0.0.0/0 next-hop-interface eth0 check target interface
set protocols failover route 0.0.0.0/0 next-hop-interface eth0 check timeout '10'
set protocols failover route 0.0.0.0/0 next-hop-interface eth0 check type 'icmp'
set protocols failover route 0.0.0.0/0 next-hop-interface eth0 metric '1'

set protocols failover route 0.0.0.0/0 next-hop-interface eth1 check target interface
set protocols failover route 0.0.0.0/0 next-hop-interface eth1 check timeout '10'
set protocols failover route 0.0.0.0/0 next-hop-interface eth1 check type 'icmp'
set protocols failover route 0.0.0.0/0 next-hop-interface eth1 metric '2'

set nat source rule 100 description 'SNAT - LAN - Outbound Primary'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source group network-group LAN
set nat source rule 100 translation address 'masquerade'

set nat source rule 101 description 'SNAT - LAN - Outbound Secondary'
set nat source rule 101 outbound-interface 'eth1'
set nat source rule 101 source group network-group LAN
set nat source rule 101 translation address 'masquerade'

Does this seem like something that would be feasible? The above syntax is just a suggestion but should convey what I am thinking.

Does extending failover routes this way seem like something that would be feasible? Or should I give up on this pipe dream :slight_smile: