Is this multi-WAN setup correct?
-
Hello,
I have to setup a pfSense box to do LoadBalancing & Failover for 4 WAN connections, and I'm trying to wrap my head around the Tier system.
The Load Balancing part was pretty straight forward, but I'm not sure how to setup the Failover part.
Basically, in case one WAN goes down I want the other three to take over and load balance between them.Here's how my setup looks so far (it's in a VM for the moment):
Is this correct?
Thank you.
-
You did the Multi-WAN setup like it was on pfsense 1.2.x I think.
Since pfsense 2.x you probably only need one or two groups to get this working.
LoadBalancing and Failover is working this way:
All gateways in a group with the same Tier do loadbalancing. If one or more of these gateways go down all other working gateways with the same tier do loadbalancing.If all gateways with Tier 1 are down then pfsense switches to the next higher Tier (Tier2) and uses the gateways in Tier 2. if there are all down it moves to Tier 3 and so on. If a gateway from a lower Tier comes back up it switches to this gateways.
So if you put all your 4 WAN connections into a group and all gateways have the same Tier then these do loadbalancing and if one GW hoes down the other 3 WAN connectiongs do loadbalancing.
If you use "Sticky connections" on SYSTEM –> ADVANCED then this one group will be enough.
If you do not use sticky connections you should create another group which will handly traffic for https and other secure protocols because https and other secure connections do not like loadbalancing because the IP switches.So you should create a second Loadbalancing group and put all 4 WAN into this group and all have a different tier.
You then need to select this group as the gateway in your firewall rules for https traffic. So all https traffic users the WAN with Tier 1, if this WAN will go down the group switches to another WAN with Tier 2 and so on.Good luck!
-
Thank you. That is very helpful.