Netgate Discussion Forum

    Access to secure sites?

    Routing and Multi WAN
    gazzzman:

      Hi everyone!
      been using PF for about 5 years, mono before it ;)
      I have recently got a second WAN connection, and the load balancing I am really pleased with :)
      with just one exception: there are a few sites (things like webmail on my hosted server) and my FTP server that throw me out pretty much directly after connecting, because of the IP address change.
      is there a way where a specific SSL connection, once set up, will stay associated with one WAN IP address?
      I am pretty sure it is only SSL that has this issue, so can I (perhaps) set up a rule by protocol (SSL) or am I missing something?
      of course, as SSL becomes the default, this is going to become a much bigger issue (though I notice Google doesn't seem to have an issue with it)
      I am certain I am not alone with this, but a search of the forum didn't really help
      thanks for any help/ideas (or even snickering?)
      Gazzzman

      Derelict (Netgate):

        You can try enabling sticky connections in System > Advanced, Miscellaneous in the load balancing section.

        If that doesn't help with that particular site, you might have to enable a failover group and policy route connections to destination protocol/port TCP/443 to that. You might be able to policy route only specific sites but that is sort of a rabbit hole.

        Understand that this is due to the site developers using the source address as at least part of the way to identify you instead of another method, such as a session cookie.

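The two options in Derelict's reply both come down to how pf's route-to pools are written underneath the pfSense GUI. The ruleset below is an added illustration, not from the thread and not pfSense's own generated rules; interface names, gateway addresses and the LAN subnet are placeholders, and it assumes the "sticky connections" checkbox maps onto pf's sticky-address keyword.

```pf
# Assumed interface names and next-hop gateways (placeholders, not from the thread).
lan_if  = "em0"
lan_net = "192.168.1.0/24"
wan1_if = "em1"
wan1_gw = "203.0.113.1"
wan2_if = "em2"
wan2_gw = "198.51.100.1"

# Second option from the reply, listed first because "quick" stops at the
# first match: pin HTTPS to one WAN. pf has no failover of its own; pfSense
# reloads the ruleset with the next gateway of the failover group when its
# monitor marks WAN1 down, so existing states still die on that switch.
pass in quick on $lan_if proto tcp from $lan_net to any port 443 \
    route-to ($wan1_if $wan1_gw) keep state

# First option from the reply: everything else is still balanced, but
# sticky-address keeps one source host on the WAN it was first given for as
# long as it has any state in the table. Without that keyword each new
# connection takes the next WAN in turn, which is the IP address change the
# webmail and FTP sites are objecting to.
pass in quick on $lan_if proto tcp from $lan_net to any \
    route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } round-robin sticky-address \
    keep state
```

Note that the sticky mapping is per source host, not per site, so a client that goes idle long enough for all its states to expire can come back on the other WAN.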
      gazzzman:

          hi there Derelict!!
          Thanks for your advice!! I will give that a try now :)
          thanks for your help! I will let you know how it goes :)
          Gazzzman

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.