Failover Internet on ER-X - Ubiquiti (Ubnt) EdgeRouter / EdgeMax

Still a new router to me, and this goes for the language it uses, but I’ve stripped out the configuration the wizard used to set up failover internet below, after only a few minor changes (narrowing the internal group to the ranges I use, description changes, and group name changes to suit what I’m using), and applied it to my existing config without issue.

So I am back to NBN fail-over to wireless point-to-point.

set firewall group address-group Internal address 172.30.0.0/24
set firewall modify balance rule 10 action modify
set firewall modify balance rule 10 description 'Do not load balance lan to lan'
set firewall modify balance rule 10 destination group address-group Internal
set firewall modify balance rule 10 modify table main
set firewall modify balance rule 50 action modify
set firewall modify balance rule 50 description 'Do not load balance destination public address'
set firewall modify balance rule 50 destination group address-group ADDRv4_pppoe0
set firewall modify balance rule 50 modify table main
set firewall modify balance rule 60 action modify
set firewall modify balance rule 60 description 'Do not load balance destination public address'
set firewall modify balance rule 60 destination group address-group ADDRv4_eth4
set firewall modify balance rule 60 modify table main
set firewall modify balance rule 70 action modify
set firewall modify balance rule 70 modify lb-group FailOver
set firewall options mss-clamp mss 1412
set load-balance group FailOver interface eth4 failover-only
set load-balance group FailOver interface pppoe0
set load-balance group FailOver lb-local enable
set load-balance group FailOver lb-local-metric-change disable
set system conntrack expect-table-size 4096
set system conntrack hash-size 4096
set system conntrack table-size 32768
set system conntrack tcp half-open-connections 512
set system conntrack tcp loose enable
set system conntrack tcp max-retrans 3

During my research I did read about people needing to reboot the router after these changes; this was through the GUI interface. Not much reason was given as to why, but when you're in the CLI it does explain.

[ system conntrack hash-size 4096 ]
Updated conntrack hash size. This change will take affect when the system is rebooted.

So the normal routing table:
IP Route Table for VRF "default"
S *> 0.0.0.0/0 [1/0] is directly connected, pppoe0
S 0.0.0.0/0 [100/0] via 10.60.70.177, eth4
S *> 10.0.0.0/8 [1/0] via 10.60.70.177, eth4
........

and the failover routing table:
IP Route Table for VRF "default"
S *> 0.0.0.0/0 [100/0] via 10.60.70.177, eth4
S 0.0.0.0/0 [1/0] is directly connected, pppoe0 inactive
S *> 10.0.0.0/8 [1/0] via 10.60.70.177, eth4
..........
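
As an added example (not part of the original post), the shell functions below read a routing table in the format shown above and report whether the selected default route, the one marked "*>", is on pppoe0 or eth4. The sample tables are copied from the two listings above; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: classify WAN state from the selected default route.

# Constructed sample input, copied from the two tables in the post.
NORMAL_TABLE='IP Route Table for VRF "default"
S *> 0.0.0.0/0 [1/0] is directly connected, pppoe0
S 0.0.0.0/0 [100/0] via 10.60.70.177, eth4
S *> 10.0.0.0/8 [1/0] via 10.60.70.177, eth4'

FAILOVER_TABLE='IP Route Table for VRF "default"
S *> 0.0.0.0/0 [100/0] via 10.60.70.177, eth4
S 0.0.0.0/0 [1/0] is directly connected, pppoe0 inactive
S *> 10.0.0.0/8 [1/0] via 10.60.70.177, eth4'

# active_default_if: read a route table on stdin and print the interface of
# the default route marked "*>" (selected). Prints nothing if none is selected.
active_default_if() {
    awk '
        $2 == "*>" && $3 == "0.0.0.0/0" {
            # The interface is the last field; skip a route flagged inactive.
            ifname = $NF
            if (ifname == "inactive") next
            print ifname
            exit
        }'
}

# wan_state: map the active interface to a state name.
# Assumption: pppoe0 is the primary link and eth4 is the failover-only link,
# as in the load-balance group FailOver configuration above.
wan_state() {
    case "$(active_default_if)" in
        pppoe0) echo primary ;;
        eth4)   echo failover ;;
        "")     echo down ;;
        *)      echo unknown ;;
    esac
}
```

Logging the result of wan_state on a schedule gives a record of when traffic moved to the backup link and when it returned.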
