Load Balance Incoming Dual WAN



  • I've been running a pfSense firewall on our dual 20mb/s fiber Internet connections with a class c of IP's each, for the last 435 days without ever even needing to reboot it. I would really like to stick with pfSense. I need to set it up with load balancing though. Right now, half our VPN's are on each connection, and will fail over, but that doesn't use each connection very well. It will also need to handle 100mb/s on one link since we just ordered the upgrade for that, and we'll be going to 40-50mb/s on the other depending on how negotiations go. I would want to be able to give each link a different weight since they will be different speeds in a few months. What I need is for incoming HTTPS file transfers from the agencies we deal with to be balanced across both connections to a single web server that sits on our VMware cluster. I also need our IPSEC VPNs from a SonicWall NSA4500 to be balanced across both links. The traffic for them is mostly outgoing. Everything else, such as email, web browsing, etc… can simply be failover. I've been testing the Baracuda and XRoads link balancers, but I'm not satisfied with them. The Baracuda isn't ready for production use in my opinion, and the support from XRoads is disappointing considering the cost of their equipment. Their use of SOA DNS on the devices with short TTL's that monitor the links is interesting though.

    Is this possible with the current build of pfSense?


Log in to reply