Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Manage sticky connection?!

    Routing and Multi WAN
    2
    7
    1930
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bullet92
      last edited by

      hi i'm new here!  :)
      I have just configured my first pfsense system(v 2.03). I was able to correctly configure  a MultiWAN configuration with LoadBalancing and FailOver, but i see that with particular web application the ip's changing is not tollerated so i have activated the "sticky connections".

      Now my question is: is possible to manage this setting with a firewall rule? my desire was to disable this config to some particular service that need more bandwidth, but to set it generally on.

      Looking forward to your reply, Regards

      P.S. Sorry for my english

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        I do not use sticky connections option but resolved this with firewall rules.

        So you have one Gateway Group for LoadBalancing (Both WAN same Tier) and another one for Failover (Both WAN different Tier). I created an port alias and put there all ports which do not really like LoadBalancing like https and others. Then I created two firewall rules - the one with the LoadBalancing gateway Group and the other with the Failover Gateway Group and the Port Alias I specified.

        Of course instead of the port alias you can create source or destination aliases and put them into the firewall rules with your failover Gateway Group configured.

        1 Reply Last reply Reply Quote 0
        • B
          bullet92
          last edited by

          Thanks for your reply! I thing that your solution is the best way :)
          I have inserted port 80,443,465,495 and  993.. do you have other port suggestion?

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            20,21,22,25,587,995

            No need for port 80. This is probably the service which uses most of LoadBalancing.
            You probably should only add ports which are used for encrypted connections or VPN pprts like 500,4500,1194,1723

            1 Reply Last reply Reply Quote 0
            • B
              bullet92
              last edited by

              Thanks for the tip!
              Sadly i have noted that session of some forum or page thate require a login will expire early if i use loadbalancing with port 80  :(

              p.s. i have another question, though it is OT, the loadbalancing and failover rule sholud be to the bottom or in the top then other firewall rules? and this rule allow any traffic or simply change the gateway?

              1 Reply Last reply Reply Quote 0
              • N
                Nachtfalke
                last edited by

                firewall rules will be processed from top to down. the first rule which mateches will be used. no matter if you use the default or a gateway group as gateway.

                So if you want to use LoadBalancing the rule with the LoadBalancing GW must be before the other rules.

                1 Reply Last reply Reply Quote 0
                • B
                  bullet92
                  last edited by

                  ok, but this rule in top allow all the traffic to pass o only change the traffic gateway ?

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post