Having multiple WAN interfaces necessitates a means of determining when a gateway is down. In pfSense, this is done by assigning each WAN interface its own monitor IP. pfSense pings the monitor IP continuously. If the monitor IP stops responding, then the gateway is assumed to be down. If the monitor IP is for an OPT WAN interface (in other words, not the primary WAN interface), then pfSense will automatically add a static route, which will divert traffic to the correct gateway within the gateway group. A gateway IP should be an IP on a reliable site; moreover, each WAN interface within a gateway group should have a unique monitor IP so that the monitor IP's failure to respond will not result in multiple gateways going down. WAN interfaces in different gateway groups, however, can have the same monitor IP.

You might be wondering what constitutes a ping failure in the case of gateway monitoring. pfSense uses the following defaults:

• If packet loss in one of the criteria used for determining when a gateway is down and packet loss reaches a rate of 20%, the gateway will go down
• We know that a packet is lost if we send one and do not receive a reply after 2 seconds
• An ICMP probe is sent every half a second
• If latency averages 0.5 seconds and high latency is one of the criteria used for determining when a gateway is down, then the gateway will go down
• The criteria used to determine when a gateway is down can be set by editing the settings for a gateway group (this will be shown later in this chapter)

A gateway will reach alert status when packet loss reaches 10% or latency reaches 0.2 seconds. Alert status means the gateway will remain up, but the background of its listing in Status | Gateways will change to yellow. If these default settings are unacceptable, you can adjust them. You can do so by navigating to System | Routing, clicking on the Gateways tab, and editing the gateway whose values you wish to change. On the Edit page for the gateway, click on the Advanced button to reveal these settings.