Putting pfSense at work.

  • Hello all.

    I work for a university. Right now we have 3 Internet lines and want to load-balance all these connections. I already did this kind of configuration at home, but here it is a bit different. My boss wants a redundant solution and is asking me how pfSense will work in a setup like this.

    pfSense + load balancing/failover + CARP

    I really want to put this in production. With this setup we are going to remove a few pieces of equipment:
    Cisco 3700, 2x MS ISA Server 2004

  • You will need 3 static IPs (they have to be within the same subnet) for each WAN and LAN: one for the master machine, one for the backup machine and one that can be shared between them. Besides that, it's similar to a standalone load-balancing setup, except that you add some VIPs and some manual outbound NAT rules to make the system use the VIP instead of the real interface IP.

    http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm should walk you through the basic settings of CARP (some screens and options have slightly changed but the basics are still covered).
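
Added example (not part of the thread and not pfSense code): a Python check of the addressing rule described in the reply above, three distinct addresses per interface inside one subnet, plus the LAN-to-VIP translation each manual outbound NAT rule should use. The interface names and addresses are constructed samples, and `wan3` is deliberately misconfigured.

```python
import ipaddress

# Constructed sample plan (documentation and private ranges), not from the thread.
PLAN = {
    "wan1": {"net": "198.51.100.0/29", "master": "198.51.100.2",
             "backup": "198.51.100.3", "vip": "198.51.100.4"},
    "wan2": {"net": "203.0.113.0/29", "master": "203.0.113.2",
             "backup": "203.0.113.3", "vip": "203.0.113.4"},
    # Deliberate error: the VIP is outside the /29 of the two real addresses.
    "wan3": {"net": "192.0.2.0/29", "master": "192.0.2.2",
             "backup": "192.0.2.3", "vip": "192.0.2.12"},
    "lan":  {"net": "10.0.0.0/24", "master": "10.0.0.2",
             "backup": "10.0.0.3", "vip": "10.0.0.1"},
}

def check_interface(name, cfg):
    """Return a list of problems with one interface's master/backup/VIP triple."""
    net = ipaddress.ip_network(cfg["net"])
    problems, seen = [], set()
    for role in ("master", "backup", "vip"):
        ip = ipaddress.ip_address(cfg[role])
        seen.add(ip)
        if ip not in net:
            problems.append(f"{name}: {role} {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {role} {ip} is not a usable host address")
    if len(seen) != 3:
        problems.append(f"{name}: master, backup and VIP must be distinct")
    return problems

def outbound_nat_plan(plan, lan="lan"):
    """One (wan, source network, translation address) tuple per WAN.

    The translation address is the shared VIP, never a node's own address,
    so translated traffic keeps the same source after a failover.
    """
    src = plan[lan]["net"]
    return [(name, src, cfg["vip"]) for name, cfg in plan.items() if name != lan]

if __name__ == "__main__":
    for name, cfg in PLAN.items():
        for problem in check_interface(name, cfg):
            print("ERROR", problem)
    for wan, src, vip in outbound_nat_plan(PLAN):
        print(f"outbound NAT on {wan}: source {src} -> translate to {vip}")
```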


  • Thanks hoba for the reply.

    I have enough IP addresses on each WAN.

    How many LANs can be configured? Using VLAN tags? We want to put almost 6 LANs behind the pfSense boxes.
    We have 2 PE2950 for each pfSense.

    I'm drawing a diagram to post it here.

  • I have an installation with 10 NICs, plus VLANs, running on an IBM X3550.
    The only problem with many networks is the interface layout :-D, it overflows on the right. ;D ;D

  • I have 9 interfaces at work, including the 3 WANs and a dedicated sync interface. Only sync and LAN are dedicated interfaces. Everything else runs on VLANs on a 3rd physical interface.

  • Sounds nice… here is a little diagram showing how we are going to deploy the pfSense CARP cluster. It is very simple, but we are a university that does all its student-related things via the Internet, and my boss wants to be 100% secure about putting an open source solution in front of his web servers  :P

    Anyway, we are planning to get pfSense on one box and load balancing only the users who use the Internet, and later set up the CARP and the DMZ for the web servers.

  • Looks good to me  :)

