Configure pfSense with 4 NICs, where 3 NICs will be used for ISPs

  • Hello Folks,

    I have a system with 5 NIC cards and I have 3 ISPs with physical cable connections. Now I want to configure the pfSense firewall with 3 ISPs using 3 NIC cards; the 4th NIC will be used for LAN purposes, and I also want to enable failover based on all 3 ISPs. So please help me out with how to configure the pfSense firewall using 3 ISPs.

    Ashwani Kumar

  • Does someone have any idea about this?

  • I have never done what you are doing due to only one WAN, but this article may help you.

  • That doc that KOM has pointed to is good. The principles are the same for 2, 3, 4,… WANs. Get the WANs working, make gateway groups for failover and/or load balancing, use rules to feed traffic into the gateway groups, done.

  • KOM and Phil, thanks for the reply!

    I am trying to configure it, but can you guys, or another person who has a good idea about this, please help me out with creating a gateway group and writing rules for these groups?

    Ashwani Kumar

  • I've never tried it as I have only ever had one WAN to play with.

  • System->Routing, Groups tab. Add a group. Make all the WANs Tier1 to make a load-balanced group, or set an order of tiers if you want to have some traffic use a particular WAN and fail over to other/s.

    Firewall->Rules, LAN.
    Add rule/s above the pass all rule.
    For traffic you want to load-balance (e.g. all traffic to HTTP/HTTPS ports), put a rule to pass source LANnet, destination any IP and ports HTTP, HTTPS. Select the load-balance gateway group in the advanced section.
    For traffic you want to failover (e.g. to mail server/s) put a rule to pass source LANnet, destination any IP, ports (a list of mail server ports 25…). Select the failover gateway group.

    You have to first define yourself where you want the traffic to go on the various WANs, then you can design an implementation of gateway groups and rules to achieve it.
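
    The tier and rule-order behaviour described in the post above, and the later advice in this thread to keep HTTPS out of the load-balanced group, sketched as a simplified model. This is an added example, not pfSense code and not part of the original thread; the group names, WAN names, tiers and the gateway group on the final pass-all entry are constructed assumptions, and the online set stands in for what gateway monitoring reports.

```python
# Simplified model of the gateway-group behaviour described in the thread.
# Not pfSense code; gateway names, tiers and rules are constructed.

def active_gateways(group, online):
    """Return the online members of the lowest-numbered tier that has any."""
    for tier in sorted(set(group.values())):
        members = sorted(gw for gw, t in group.items()
                         if t == tier and gw in online)
        if members:
            return members
    return []  # every member is down: the group has no usable gateway

def route(rules, groups, online, dst_port):
    """First matching LAN rule wins (rules are evaluated top to bottom)."""
    for ports, group_name in rules:
        if ports is None or dst_port in ports:
            return group_name, active_gateways(groups[group_name], online)
    return None, []

# Constructed sample: three WANs, one load-balance and one failover group.
GROUPS = {
    "LoadBalance": {"WAN1": 1, "WAN2": 1, "WAN3": 1},  # all Tier 1
    "Failover": {"WAN1": 1, "WAN2": 2, "WAN3": 3},     # ordered tiers
}
# Rules placed above the pass-all rule; the last entry models pass-all
# (assumption: it is also pointed at the failover group).
RULES = [
    ({80}, "LoadBalance"),    # HTTP is spread over every online WAN
    ({25, 443}, "Failover"),  # mail and HTTPS keep one source IP at a time
    (None, "Failover"),
]

if __name__ == "__main__":
    # Walk through WAN1 failing, then WAN2 failing as well.
    for online in ({"WAN1", "WAN2", "WAN3"}, {"WAN2", "WAN3"}, {"WAN3"}):
        for port in (80, 443, 25):
            print(sorted(online), port, route(RULES, GROUPS, online, port))
```

    With all three WANs online, port 80 is shared across the three while ports 443 and 25 use WAN1 only; when WAN1 goes offline, the failover group moves to WAN2 and the load-balanced group shrinks to the two remaining WANs.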

  • Take note of your gateway monitoring since most cable connections coming out of the modem are already translated unless you're in bridge mode. Failover rules might not work properly.

  • Also: don't load-balance HTTPS.
    Plenty of HTTPS sites get broken if they get a different source IP every other time.

  • My question is: adding the second, third, etc. WAN, how can I force pfSense to apply the same WAN firewall rules to the other WAN(s)?

  • You could create interface groups and apply firewall rules on the group instead of the individual interfaces.
    (Interfaces->Assign->Interface Groups)

  • Isn't it simpler to just tell pfSense "this is another WAN interface; please set up firewall rules accordingly"?

    Or is just creating another WAN (aka another interface with no rules in it, except for Bogon ones) sufficient?

  • pfSense doesn't have WAN interfaces …. it just has interfaces. In other words, there is (currently) no system in place to distinguish a use case between interfaces. (Any interface can be a WAN or LAN or tunnel or .....)
    Everything can be changed, of course, but I don't know if anyone would want to.

