Netgate Discussion Forum

Manage sticky connection?!

Routing and Multi WAN
    bullet92
    last edited by Aug 14, 2013, 9:45 AM

    Hi, I'm new here! :)
    I have just configured my first pfSense system (v 2.03). I was able to correctly configure a MultiWAN configuration with LoadBalancing and FailOver, but I see that with particular web applications the changing IP is not tolerated, so I have activated the "sticky connections".

    Now my question is: is it possible to manage this setting with a firewall rule? My desire was to disable this config for some particular services that need more bandwidth, but to set it generally on.

    Looking forward to your reply, Regards

    P.S. Sorry for my English

      Nachtfalke
      last edited by Aug 14, 2013, 12:29 PM

      I do not use sticky connections option but resolved this with firewall rules.

      So you have one Gateway Group for LoadBalancing (both WANs on the same Tier) and another one for Failover (both WANs on different Tiers). I created a port alias and put there all ports which do not really like LoadBalancing, like https and others. Then I created two firewall rules - the one with the LoadBalancing Gateway Group and the other with the Failover Gateway Group and the port alias I specified.

      Of course instead of the port alias you can create source or destination aliases and put them into the firewall rules with your failover Gateway Group configured.

        bullet92
        last edited by Aug 16, 2013, 2:21 PM

        Thanks for your reply! I think that your solution is the best way :)
        I have inserted ports 80, 443, 465, 495 and 993. Do you have other port suggestions?

          Nachtfalke
          last edited by Aug 16, 2013, 9:38 PM

          20, 21, 22, 25, 587, 995

          No need for port 80. This is probably the service which uses most of LoadBalancing.
          You probably should only add ports which are used for encrypted connections or VPN ports like 500, 4500, 1194, 1723

            bullet92
            last edited by Aug 17, 2013, 9:34 AM Aug 17, 2013, 9:26 AM

            Thanks for the tip!
            Sadly I have noticed that sessions of some forums or pages that require a login will expire early if I use load balancing with port 80 :(

            P.S. I have another question, though it is OT: should the load balancing and failover rules be at the bottom or at the top of the other firewall rules? And do these rules allow any traffic or simply change the gateway?

              Nachtfalke
              last edited by Aug 17, 2013, 2:30 PM

              Firewall rules will be processed from top to bottom. The first rule which matches will be used, no matter if you use the default or a gateway group as gateway.

              So if you want to use LoadBalancing, the rule with the LoadBalancing GW must be before the other rules.

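The setup described in this thread (a port-alias rule on the failover gateway group plus a catch-all rule on the load-balancing group, evaluated first-match from the top) can be modelled as below. This is an added example, not code posted by either participant and not pfSense's own code. The gateway group names `GW_Failover` and `GW_LoadBalance` and the rule names are hypothetical, and the alias uses ports suggested in the thread. It also shows a check for rules that an earlier rule makes unreachable.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Alias contents: ports suggested in the thread for traffic that should not be balanced.
NO_BALANCE_PORTS = frozenset({20, 21, 22, 25, 443, 465, 587, 993, 995,
                              500, 4500, 1194, 1723})

@dataclass(frozen=True)
class Rule:
    name: str                        # hypothetical rule label
    gateway: str                     # hypothetical gateway group name
    ports: Optional[FrozenSet[int]]  # None means "any destination port"

    def matches(self, port: int) -> bool:
        return self.ports is None or port in self.ports

def select_gateway(rules: List[Rule], port: int, default: str = "default") -> str:
    """Top-down evaluation: the first matching rule decides, later rules are ignored."""
    for rule in rules:
        if rule.matches(port):
            return rule.gateway
    return default

def shadowed(rules: List[Rule]) -> List[str]:
    """Names of rules that can never match because earlier rules cover their ports."""
    unreachable = []
    for i, rule in enumerate(rules):
        earlier = rules[:i]
        if any(e.ports is None for e in earlier):
            unreachable.append(rule.name)      # an earlier catch-all wins every time
        elif rule.ports is not None:
            covered = set().union(*(e.ports for e in earlier))
            if rule.ports <= covered:
                unreachable.append(rule.name)
    return unreachable

FAILOVER = Rule("failover-for-alias", "GW_Failover", NO_BALANCE_PORTS)
BALANCE = Rule("balance-everything-else", "GW_LoadBalance", None)

ALIAS_RULE_FIRST = [FAILOVER, BALANCE]   # alias rule above the catch-all
CATCH_ALL_FIRST = [BALANCE, FAILOVER]    # catch-all above the alias rule

if __name__ == "__main__":
    for label, rules in (("alias rule first", ALIAS_RULE_FIRST),
                         ("catch-all first", CATCH_ALL_FIRST)):
        print(label, "| 443 ->", select_gateway(rules, 443),
              "| 80 ->", select_gateway(rules, 80),
              "| shadowed:", shadowed(rules))
```

With the catch-all rule on top, port 443 is balanced across both WANs and the alias rule is reported as shadowed, which is the ordering mistake to look for when sessions still break.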
                bullet92
                last edited by Aug 20, 2013, 7:19 AM

                OK, but does this rule at the top allow all the traffic to pass, or only change the traffic gateway?
