Netgate Discussion Forum

    pfSense HA in Azure (No Load balancing) - How To

      p3tter

      Hi,

      After I went on an adventure to set up a pfSense HA cluster in Azure, I noticed that anything regarding virtual IPs, CARP etc. doesn't work at all.
      My setup is 2 FWs with an OpenVPN server, and I don't want to load balance my VPN server.
      So I spent some time trying to find a configuration that would allow me to get an Active/Standby configuration to work.

      My setup:

      Standard Az LB with Public IP:
      Health Probe Rule: Protocol HTTP, Port 8443, path /index.php
      Load balance rule: UDP 1194 for front and back-end

      Both pfSense boxes have HA-Proxy-devel installed. I'm sure we could use other load balancers, but my choice was HA-Proxy.

      FW1:
      HA-Proxy Front-End Rule1:
      Listen Address (FW1-WAN IP) and Port 8443, Pool: Backend1

      HA-Proxy Front-End Rule2:
      Listen Address (FW1-LAN IP) and Port 8443, Pool: Backend2

      HA-Proxy Back-End1:
      Server1: Mode: active, NAME: Test, Address+Port: FW1-LAN-IP 443 SSL: yes

      HA-Proxy Back-End2:
      Server1: Mode: active, NAME: FW1, Address+Port: FW1-LAN-IP 443 SSL: yes
      ACL: NAME: TEST, Expression: Path contains, Value: /index.php
      Actions: HTTP-Response-Deny

      FW2:
      HA-Proxy Front-End Rule1:
      Listen Address (FW2-WAN IP) and Port 8443, Pool: Backend1

      HA-Proxy Back-End1:
      Server1: Mode: Backup, NAME: FW2, Address+Port: "FW2-LAN-IP" 443 SSL: yes
      Server2: Mode: Active, NAME: FW1, Address+Port: "FW1-LAN-IP" 443 SSL: yes

      This is assuming the default port on pfSense GUI is 443 and uses HTTPS and ofc. correct FW rules are in place....
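
A check that can be run after applying a setup like the one above (an added example, not part of the original post): it sends the same HTTP GET the health probe is configured with (port 8443, path /index.php) to each firewall and reports whether exactly one node answers 200, the only status an Azure Load Balancer HTTP probe treats as healthy. The function names and the placeholder addresses are assumptions.

```python
"""Check which nodes an Azure LB HTTP probe would see as healthy."""
import http.client

PROBE_PORT = 8443          # from the post: health probe port
PROBE_PATH = "/index.php"  # from the post: health probe path


def probe(host, port=PROBE_PORT, path=PROBE_PATH, timeout=5.0):
    """Return the HTTP status of one probe, or None if there was no answer."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None  # refused, timed out, or not a valid HTTP reply
    finally:
        conn.close()


def assess(statuses):
    """Classify probe results for an active/standby pair.

    Only HTTP 200 keeps a backend in rotation; anything else is a failed probe.
    """
    healthy = sorted(name for name, code in statuses.items() if code == 200)
    if len(healthy) == 1:
        return "ok", healthy        # exactly one node receives UDP 1194
    if not healthy:
        return "outage", healthy    # no node would receive VPN traffic
    return "split", healthy         # LB would spread VPN traffic over both


def check_pair(nodes, timeout=5.0):
    """nodes: {'FW1': (host, port), ...} -> (verdict, healthy, raw statuses)."""
    statuses = {name: probe(host, port, timeout=timeout)
                for name, (host, port) in nodes.items()}
    verdict, healthy = assess(statuses)
    return verdict, healthy, statuses


if __name__ == "__main__":
    # Constructed placeholder addresses (TEST-NET-1); replace with the WAN IPs.
    nodes = {"FW1": ("192.0.2.10", PROBE_PORT),
             "FW2": ("192.0.2.11", PROBE_PORT)}
    print(check_pair(nodes, timeout=2.0))
```

Run it once with both firewalls up and once with FW1 stopped; a "split" verdict means the load balancer would send OpenVPN traffic to both nodes.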

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.