pfSense HA in Azure (No Load balancing) - How To
Hi,
After I went on an adventure to set up a pfSense HA cluster in Azure, I noticed that anything regarding virtual IPs, CARP etc. doesn't work at all.
My setup is 2 FWs with an OpenVPN server, and I don't want to load balance my VPN server.
So I spent some time trying to find a configuration that would allow me to get an Active/Standby configuration to work.

My setup:
Standard Az LB with Public IP:
Health Probe Rule: Protocol HTTP, Port 8443, path /index.php
Load balance rule: UDP 1194 for front and back-end

Both pfSense boxes have HA-Proxy-devel installed. I'm sure we could use other load balancers, but my choice was HA-Proxy.

FW1:
HA-Proxy Front-End Rule1:
Listen Address (FW1-WAN IP) and Port 8443, Pool: Backend1

HA-Proxy Front-End Rule2:
Listen Address (FW1-LAN IP) and Port 8443, Pool: Backend2

HA-Proxy Back-End1:
Server1: Mode: active, NAME: Test, Address+Port: FW1-LAN-IP 443 SSL: yes

HA-Proxy Back-End2:
Server1: Mode: active, NAME: FW1, Address+Port: FW1-LAN-IP 443 SSL: yes
ACL: NAME: TEST, Expression: Path contains, Value: /index.php
Actions: HTTP-Response-Deny

FW2:
HA-Proxy Front-End Rule1:
Listen Address (FW2-WAN IP) and Port 8443, Pool: Backend1

HA-Proxy Back-End1:
Server1: Mode: Backup, NAME: FW2, Address+Port: "FW2-LAN-IP" 443 SSL: yes
Server2: Mode: Active, NAME: FW1, Address+Port: "FW1-LAN-IP" 443 SSL: yes

This is assuming the default port on pfSense GUI is 443 and uses HTTPS and ofc. correct FW rules are in place....