HTTPS TIMING OUT



  • Good Morning Forum

    I have set up a 2.0 for multi WAN and everything is working GREAT. The only problem I have is the HTTPS connections timing out. For example, when I log into www.logmein.com, as soon as I put my user and password it gives me the following messages at random:

    1.- pops the user login and password screen again
    2.- tells me that cookies are not enabled

    There is no specific order to what happens, it just does it randomly.

    I know it's the firewall because when I connect directly to the DSL modem the HTTPS pages work perfectly.

    ANY HELP WOULD BE GREATLY APPRECIATED
    I know it has something to do with firewall rules but I have looked over everything and can't find the solution.

    THANKS



  • https doesn't like load balancing
    enable sticky connections (System: Advanced: Miscellaneous: Load Balancing)



  • @Metu69salemi:

    https doesn't like load balancing
    enable sticky connections (System: Advanced: Miscellaneous: Load Balancing)

    …or create a firewall rule with a specific gateway for connections using port 443 (https)



  • I have tried that.

    I'm new to pfSense. I have been using WatchGuard for about 9 years and I believe I'm having trouble getting my head around how to create rules. I have a multi WAN setup; how would I create a rule so that certain services go out a certain gateway?

    I'm using two DSL modems with the PPPoE on the modems and a T1 with static IP addresses. I figured out the HTTPS part by using sticky connections but I want to spec other services to only use the T1.

    Let's say I want all PPTP traffic to go out the T1: where would I configure the rule, in WAN or LAN?

    It's been a bit of a headache but at least I have the load balancing working a little bit better now.



  • Policy-based routing in WatchGuard terms?

    If you know the exact traffic port and type you can create an alias, for example gw1web, which includes 80,443,8080,8081
    then create a rule with this alias as destination ports and select advanced settings. Choose gw1 from there. Put this rule above the default rules.



  • Routing services through a specific gateway must be done by firewall rules.
    Create a rule for the service you like and then specify the gateway or gateway group you want to use for this.

    I don't know how the firewall rules take action on WatchGuard, but pfSense applies rules from top to bottom. The first rule which matches will be applied.

    Hope this helps if not please post screenshots of your firewall rules and tell us what you would like to realize.
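
Why a balanced gateway group breaks the login and why the position of a port 443 rule matters, as an added toy model in Python (not code from any poster, and not how pfSense is implemented). It assumes the remote site ties a session to the client's source IP; the `Rule` and `Firewall` classes, the round-robin choice and the addresses are constructed for the illustration.

```python
from dataclasses import dataclass
from itertools import cycle
from typing import Optional

# Constructed egress addresses (documentation ranges), one per WAN link.
WAN_IP = {"DSL1": "198.51.100.10", "DSL2": "203.0.113.20", "T1": "192.0.2.30"}

@dataclass
class Rule:
    gateways: list                   # one name = fixed gateway, several = balanced group
    dst_port: Optional[int] = None   # None matches any destination port

class Firewall:
    """Hypothetical model: rules are checked top to bottom, first match wins."""

    def __init__(self, rules, sticky=False):
        self.rules = rules
        self.sticky = sticky
        self._next_gw = [cycle(r.gateways) for r in rules]  # round-robin per rule
        self._pinned = {}            # (rule index, client IP) -> gateway

    def egress_ip(self, client_ip, dst_port):
        """Public source IP the remote server sees for one new connection."""
        for i, rule in enumerate(self.rules):
            if rule.dst_port in (None, dst_port):
                break
        else:
            raise LookupError("no rule matched: default deny")
        key = (i, client_ip)
        if self.sticky and key in self._pinned:
            return WAN_IP[self._pinned[key]]
        gw = next(self._next_gw[i])
        if self.sticky:
            self._pinned[key] = gw   # later connections reuse this gateway
        return WAN_IP[gw]

def ips_seen_by_site(rules, sticky=False, connections=6, client="192.168.1.50"):
    """Distinct source IPs an HTTPS site sees across one client's connections."""
    fw = Firewall(rules, sticky)
    return {fw.egress_ip(client, 443) for _ in range(connections)}

balanced = Rule(["DSL1", "DSL2"])          # default LAN rule, load-balanced group
https_via_t1 = Rule(["T1"], dst_port=443)  # policy rule pinning HTTPS to one gateway

print(ips_seen_by_site([balanced]))                # two IPs: login session breaks
print(ips_seen_by_site([balanced], sticky=True))   # one IP
print(ips_seen_by_site([https_via_t1, balanced]))  # one IP (T1)
print(ips_seen_by_site([balanced, https_via_t1]))  # two IPs: 443 rule never reached
```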



  • @NachtFalke

    Same order is also in watchguard, but there is kinda floating rules, where you determine only the interfaces and/or networks where it works



  • Thanks for all the feedback, sticky worked perfectly.

    Now I'm going on to allowing specific websites for users.

    Please also see my static route request.



  • @Metu69salemi:

    enable sticky connections(System: Advanced: Miscellaneous: Load Balancing)

    What's the current status of the "sticky connections" feature?

    There still seem to be reports of issues when enabling it, both in this forum and in http://redmine.pfsense.org/issues/337

    And then there is the http://www.freebsd.org/cgi/query-pr.cgi?pr=148290



  • I'm only having single wan and have no problems with this sticky.
    you can also use a rule, https is using only other wangw, if sticky is unusable


  • Rebel Alliance

    Or, if you have problems with "sticky connections", you can create a Failover GW group and use "policy routing" to direct all "problematic" traffic to that group. I think this approach is better than having all "problematic" traffic routed to one GW.

