Netgate Discussion Forum

    Please I have a question in load balancing

    General pfSense Questions
    11 Posts 4 Posters 2.2k Views
    • hadiri

      Thank you.
      Please, I have a question about load balancing: when I enter cPanel, my account is logged out and then it asks for re-entry, because cPanel does not accept entry from two addresses.

      • heper

        It's generally advised to fail over HTTPS traffic instead of balancing.

        • hadiri

          Thank you, but I want to work with load balancing. Is it possible to add a rule to rectify this problem?

          • heper

            Yes, if you want to ignore advice, then you can try sticky connections:
            System > Advanced > Miscellaneous > Use Sticky Connections

            To disable load balancing for certain destinations:

            • Create a failover group (different tiers)
            • Create an alias with the hosts you DON'T want to load balance
            • Create a rule at the top of the LAN rules with these settings: PASS/proto:any/src=lan-subnet/dst:your_alias/gateway=failover_group
            • hadiri

              Thank you, it works 100/100.

              • hadiri

                I want to give a report on pfSense and I need pictures of this configuration,
                to disable load balancing for certain destinations:

                • Create a failover group (different tiers)
                • Create an alias with the hosts you DON'T want to load balance
                • Create a rule at the top of the LAN rules with these settings: PASS/proto:any/src=lan-subnet/dst:your_alias/gateway=failover_group

                Please help me.
                • chris4916

                  @heper:

                  It's generally advised to fail over HTTPS traffic instead of balancing.

                  Why?

                  I'm using load-balancing mainly for HTTP/HTTPS without any issue (so far)
                  As access is done from Squid proxy (obviously not running on pfSense but from LAN), it just works.

                  What matters here is to enable the "Use sticky connection" in advanced/miscellaneous menu  ;)

                  Load-balancing is not perfect but it allows almost 20 Mb/s bandwidth when load is balanced between 2 ADSL at 10 Mb/s each. Not so bad  8)

                  Jah Olela Wembo: Words turn into ills when they upset, attack or wound.

                  • jimp Rebel Alliance Developer Netgate

                    @chris4916:

                    @heper:

                    It's generally advised to fail over HTTPS traffic instead of balancing.

                    Why?

                    Sites such as banks that check the source IP address for HTTPS sessions will drop you or block you if you log in from one IP address and then connect from another. Because browsers tend to create multiple connections, each of these could be using a different WAN when using load balancing.

                    The only ways to ensure the traffic keeps the same IP address are:
                    1. Do failover for all HTTPS (or at least the sites in question)
                    2. Activate sticky, which creates a USER-to-GATEWAY pairing so all of a particular user's traffic will leave via one WAN. Users will be balanced, but not their individual connections. This can help in some ways (like with HTTPS) but hurt in others (one user can saturate one WAN, rather than balancing).

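Added example, not part of the original thread and not pfSense code: a toy Python model of heper's rule order (alias to failover group on top of the LAN rules) and jimp's sticky USER-to-GATEWAY pairing, run against a site that binds a session to the login source IP. The addresses, hostnames and the `Firewall` class are constructed for illustration.

```python
from itertools import cycle

# Constructed sample values (documentation address ranges), not from the thread.
WANS = {"WAN1": "198.51.100.10", "WAN2": "203.0.113.20"}
NO_BALANCE_ALIAS = {"cpanel.example.net"}  # hosts you DON'T want to load balance

class Firewall:
    """Toy model of first-match policy routing on the LAN interface."""

    def __init__(self, sticky=False, alias_rule=False, up=("WAN1", "WAN2")):
        self.sticky, self.alias_rule, self.up = sticky, alias_rule, list(up)
        self._rr = cycle(self.up)  # round-robin over the balanced gateways
        self._pairs = {}           # sticky: LAN source -> gateway

    def egress_ip(self, src, dst):
        # Top rule: dst in alias -> failover group (lowest tier that is up).
        if self.alias_rule and dst in NO_BALANCE_ALIAS:
            return WANS[self.up[0]]
        # Default rule: load-balanced group, optionally sticky per source.
        if self.sticky:
            if src not in self._pairs:
                self._pairs[src] = next(self._rr)
            return WANS[self._pairs[src]]
        return WANS[next(self._rr)]

def forced_relogins(fw, src, dst, connections):
    """The site binds the session to the login source IP; count the drops."""
    bound_ip, drops = None, 0
    for _ in range(connections):
        ip = fw.egress_ip(src, dst)
        if bound_ip is not None and ip != bound_ip:
            drops += 1   # session invalidated, user must log in again
        bound_ip = ip    # (re)login binds the session to this address
    return drops

def wan_load(fw, src, dst, connections):
    """Connections per egress address, to show the sticky trade-off."""
    load = {}
    for _ in range(connections):
        ip = fw.egress_ip(src, dst)
        load[ip] = load.get(ip, 0) + 1
    return load

if __name__ == "__main__":
    for name, fw in [("balanced", Firewall()), ("sticky", Firewall(sticky=True)),
                     ("alias rule", Firewall(alias_rule=True))]:
        print(name, forced_relogins(fw, "192.168.1.50", "cpanel.example.net", 6))
```

With the alias rule, only the listed hosts are pinned to one WAN and everything else still balances; with sticky, one source sends all of its connections out a single WAN.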
                    • chris4916

                      Indeed, sites requiring multiple sessions may fail.

                      @jimp:

                      1. Do failover for all HTTPS (or at least the sites in question)

                      Which would mean maintaining an alias based on FQDN and setting FW rules for these aliases?

                      2. Activate sticky, which creates a USER-to-GATEWAY pairing  so all of a particular user's traffic will leave via one WAN. Users will be balanced, but not their individual connections. This can help in some ways (like with HTTPS) but hurt in others (one user can saturate one WAN, rather than balancing)

                      This doesn't work if using a proxy, does it?

                      • jimp Rebel Alliance Developer Netgate

                        @chris4916:

                        Which would mean maintaining an alias based on FQDN and setting FW rules for these aliases?

                        Depends on the site. Some sites are too complicated to match that way. See many other threads on the topic.

                        @chris4916:

                        This doesn't work if using a proxy, does it?

                        Load balancing doesn't work at all when using a proxy on the firewall, so it's a moot point.

                        • chris4916

                          @jimp:

                          Load balancing doesn't work at all when using a proxy on the firewall, so it's a moot point.

                          This is crystal clear (to me) and pretty obvious.
                          I was not meaning "with proxy on pfSense"  ;)

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.