Sticky Connection Alternatives



  • Hello all,

    I was wondering if anybody could advise me whether pfSense offers an alternative to Sticky Connections?

    My network consists of 2 x WAN and 1 x LAN. The network benefitted greatly with the load balanced WAN connections; however, a user was having issues with his emails, which forced me to enable sticky connections. However, as far as I understand this, IPs will only ever be routed to one of the gateways now, meaning my load balance isn't really as effective and speeds have been affected somewhat.

    I was wondering if there was a way of going back to keep maximum speeds but to be able to keep the sticky connection for authentication purposes for some email providers?


  • Rebel Alliance Developer Netgate

    Unfortunately, no. It's all or nothing with sticky.



  • What about using policy based routing and define a port- or host-based alias for these troublesome mail providers? Then just force them to use a failover gateway group instead of a load balanced one (use LAN firewall rules). This is what I do for HTTPS sites that don't like sessions originating from multiple IPs.



  • @luckman212:

    What about using policy based routing and define a port- or host-based alias for these troublesome mail providers? Then just force them to use a failover gateway group instead of a load balanced one (use LAN firewall rules). This is what I do for HTTPS sites that don't like sessions originating from multiple IPs.

    Thanks, I'll give this a try when I'm next on site. Sorry for the late reply. This issue only popped into my head again today after thinking, "if only I didn't have that Sticky Connections issue!"



  • So I tried luckman212's suggestion and it worked! :)

    I think something like this should be commented on within the Sticky Connection topic.

    Cheers all  ;D

