networkingopnsenseisraelfailoverfibercellularhome-networkinginfrastructure

Redundant Internet Setup Guide for Israel

Fiber + Cellular Failover with OPNsense

Written byDaniel Rosehill

This guide provides a practical walkthrough for setting up failover internet in Israel, designed for consumers, small businesses, and work-from-home professionals.

The Problem

In Israel, internet connectivity can be disrupted by road construction cutting fiber/DSL cables, ISP outages, and infrastructure maintenance. For remote workers and small businesses, even brief outages can be costly.

The Solution

A fiber + cellular failover configuration using OPNsense provides automatic, reliable backup. When your primary fiber connection fails, traffic seamlessly switches to cellular. When fiber recovers, traffic returns automatically—no manual intervention required.

Why Fiber + Cellular?

  • True Redundancy: Fiber and cellular use completely separate infrastructure

  • Cost-Effective: Cellular data-only SIMs in Israel cost as little as ~20 NIS/month

  • Reliable Failover: OPNsense handles both failover and fail-back reliably

Network Architecture

The key elements of this setup:

  • Two separate WAN connections enter OPNsense through different interfaces

  • OPNsense monitors both gateways by pinging external DNS servers

  • Traffic routes through fiber (primary) under normal conditions

  • Automatic failover to cellular when fiber fails

  • Automatic fail-back to fiber when it recovers

Physical Wiring Notes

  • Connect the LAN port of each gateway to OPNsense WAN ports

  • Use the blue 2.5Gbps port on the Bezeq gateway for full speed

  • Use Cat 6a/7 cables for 2.5Gbps connections

  • All equipment should be powered through the UPS

Failover Behavior

  1. OPNsense continuously pings monitoring IPs (e.g., 8.8.8.8 for WAN1, 1.1.1.1 for WAN2)

  2. When pings to WAN1 fail, OPNsense marks the gateway as down

  3. After ~30 seconds, traffic switches to WAN2 (cellular)

  4. When WAN1 pings succeed again, traffic returns to the primary connection

Hardware Requirements

Mini PC with OPNsense

The heart of this setup is a mini PC running OPNsense:

  • Minimum 3 Ethernet ports (2 WAN + 1 LAN), preferably 4

  • 2.5GbE ports to utilize faster fiber plans

  • Low power consumption for 24/7 operation

Available on AliExpress (~$100/400 NIS) or locally at Ivory/KSP.

Bezeq Fiber Gateway

Bezeq provides a fiber gateway (Heights Telecom hardware, branded "B Fiber"):

  • One blue 2.5Gbps port — use this for your OPNsense connection

  • Yellow ports are limited to 1Gbps

  • Default IP: 192.168.1.1

  • Password: last 6 digits of serial number

Cellular Gateway Options

You need a true gateway/modem, not a router. OPNsense handles all routing.

Budget Option: Generic 4G LTE Gateway — Available on AliExpress. Look for "CPE Gateway" or "Industrial LTE Modem" with external SMA antenna support and LAN port output.

Gold Standard: Teltonika Industrial Gateways — For professional-grade reliability, consider the Teltonika RUT240 (4G LTE) or RUTX50 (5G).

Cellular Data Plans

Search for "סים לגלישה בלבד" (data-only SIM). Providers include Pelephone (recommended, plans from ~20 NIS/month), Partner, Cellcom, and HOT Mobile.

Software Configuration

Bezeq Gateway Setup

  1. Access the gateway at 192.168.1.1

  2. Login with last 6 digits of serial number

  3. Disable DHCP Server (OPNsense will handle DHCP)

  4. Verify LAN4 shows 2500 Mbps speed

OPNsense Interface Configuration

Configure three interfaces: WAN (Bezeq Fiber primary), WAN2 (Cellular backup), and LAN (Local network).

WAN Interface (Bezeq Fiber):

  • IPv4 Configuration: Static IPv4

  • IPv4 Address: 192.168.1.2/24

  • MTU: 1492 (required for Bezeq)

  • IPv4 Gateway Rules: Disabled

WAN2 Interface (Cellular): DHCP or Static, using a different subnet (e.g., 192.168.188.2/24).

LAN Interface: IPv4 Address: 10.0.0.1/24, DHCP enabled with range 10.0.0.100 to 10.0.0.250.

Gateway Configuration

Navigate to System → Gateways → Configuration. Important: Use different monitoring IPs for each gateway (e.g., 8.8.8.8 and 1.1.1.1).

Creating the Failover Group

Navigate to System → Gateways → Group and create a group with:

  • Group Name: WAN_Failover

  • WAN (Bezeq): Tier 1

  • Cellular: Tier 2

  • Trigger Level: Member Down

  • Pool Options: Default

NAT Configuration

Navigate to Firewall → NAT → Outbound. Select Hybrid outbound NAT rule generation and create manual rules for each WAN interface: Interface = WAN (and WAN2), Source = LAN net, Translation = Interface address.

Testing

Failover Test Procedure

  1. Start a continuous ping: ping 8.8.8.8

  2. Disconnect the primary: Unplug Bezeq or power off the gateway

  3. Observe failover: After ~30 seconds, traffic switches to cellular

  4. Run a speed test: Confirm you're on cellular (lower speeds)

  5. Reconnect the primary: Power on Bezeq

  6. Verify fail-back: After ~30 seconds, traffic returns to fiber

The fail-back test is critical. Some systems fail to return to primary after recovery. OPNsense handles this reliably.

Troubleshooting

No Internet After Configuration: Verify DHCP is disabled on upstream gateways, check OPNsense WAN interfaces have correct static IPs, ensure firewall rules allow LAN to WAN traffic.

Slow Speeds on 2.5Gbps Plan: Use the blue 2.5Gbps port on Bezeq gateway, check interface speed settings in OPNsense, use Cat 6a/7/8 cables throughout.

Failover Not Working: Verify both gateways show "Online" in OPNsense, check monitoring IPs are different for each gateway, ensure gateway group is applied to firewall rules, check NAT rules exist for both WAN interfaces.

Cellular Connection Issues: Verify SIM is recognized in gateway web interface, check APN settings (usually auto-configured), try external antennas if signal is weak.

Why Not TP-Link Multi-WAN Routers?

From experience with the TP-Link ER605: failover to cellular works, but fail-back to primary often doesn't work, resulting in staying on expensive cellular when fiber is available. OPNsense provides reliable bidirectional failover.

Summary

This setup uses Bezeq Fiber (2.5Gbps capable) as the primary connection, Pelephone cellular data (~20 NIS/month) as backup, and OPNsense on a mini PC as the router/firewall. Key settings include MTU 1492, gateway groups with tiers, and Hybrid NAT.

The result is automatic, reliable failover that switches to cellular when fiber fails, returns to fiber when it recovers, and requires minimal ongoing maintenance.

Key Takeaways

  • Fiber + cellular provides true redundancy using separate infrastructure

  • OPNsense reliably handles both failover AND fail-back (unlike some consumer routers)

  • Cellular data-only SIMs in Israel cost as little as 20 NIS/month

  • Use the blue 2.5Gbps port on Bezeq gateways and set MTU to 1492

  • Gateway groups with tiers (Tier 1 primary, Tier 2 backup) enable automatic failover

Daniel Rosehill
Daniel Rosehill

Automation specialist and technical communications professional bridging AI systems, workflow orchestration, and strategic communications for enhanced business performance.

Learn more about Daniel
Visit danielrosehill.com
Explore topics:
AILLMsRAGMCPAll Tags