Manage sticky connection?!

bullet92 · Aug 14, 2013, 9:45 AM

hi i'm new here! :)
I have just configured my first pfsense system(v 2.03). I was able to correctly configure a MultiWAN configuration with LoadBalancing and FailOver, but i see that with particular web application the ip's changing is not tollerated so i have activated the "sticky connections".

Now my question is: is possible to manage this setting with a firewall rule? my desire was to disable this config to some particular service that need more bandwidth, but to set it generally on.

Looking forward to your reply, Regards

P.S. Sorry for my english

Nachtfalke · Aug 14, 2013, 12:29 PM

I do not use sticky connections option but resolved this with firewall rules.

So you have one Gateway Group for LoadBalancing (Both WAN same Tier) and another one for Failover (Both WAN different Tier). I created an port alias and put there all ports which do not really like LoadBalancing like https and others. Then I created two firewall rules - the one with the LoadBalancing gateway Group and the other with the Failover Gateway Group and the Port Alias I specified.

Of course instead of the port alias you can create source or destination aliases and put them into the firewall rules with your failover Gateway Group configured.

bullet92 · Aug 16, 2013, 2:21 PM

Thanks for your reply! I thing that your solution is the best way :)
I have inserted port 80,443,465,495 and 993.. do you have other port suggestion?

Nachtfalke · Aug 16, 2013, 9:38 PM

20,21,22,25,587,995

No need for port 80. This is probably the service which uses most of LoadBalancing.
You probably should only add ports which are used for encrypted connections or VPN pprts like 500,4500,1194,1723

bullet92 · Aug 17, 2013, 9:34 AM

Thanks for the tip!
Sadly i have noted that session of some forum or page thate require a login will expire early if i use loadbalancing with port 80 :(

p.s. i have another question, though it is OT, the loadbalancing and failover rule sholud be to the bottom or in the top then other firewall rules? and this rule allow any traffic or simply change the gateway?

Nachtfalke · Aug 17, 2013, 2:30 PM

firewall rules will be processed from top to down. the first rule which mateches will be used. no matter if you use the default or a gateway group as gateway.

So if you want to use LoadBalancing the rule with the LoadBalancing GW must be before the other rules.

bullet92 · Aug 20, 2013, 7:19 AM

ok, but this rule in top allow all the traffic to pass o only change the traffic gateway ?