pfSense Multiple WAN Load Balance and Automatic Failover
pfSense is a free, widely trusted, open-source firewall and router distribution based on FreeBSD. Beyond routing and firewalling it provides unified threat management, multi-WAN load balancing, a VPN server, content filtering, and automatic failover. It can be installed on a physical computer or a virtual machine to build a dedicated enterprise-level firewall for an organization.
Let's start configuring dual-WAN load balancing and automatic failover on pfSense.
In the first step, configure the pfSense interfaces. Log in to pfSense via the web interface and add the interfaces. For this demo, I'm going to add three interfaces: WAN, WAN2, and LAN. WAN and WAN2 are the ISP interfaces and LAN is the private interface.
Go to Interfaces – Assignments and add the interfaces.
Select each WAN interface and configure the network settings supplied by the ISP. In my case, the ISP provides a static IP. Enable interface must be selected on all interfaces. Enter the IP address with its subnet, provide an upstream gateway, select Block bogon networks, and click Save.
We don't need an upstream gateway for the LAN interface.
Now, go to System – Routing – Gateways. There are two gateways: the WAN1 gateway and the WAN2 gateway. Select the edit button and insert the monitor IP. I am monitoring the Cloudflare (220.127.116.11) and Google (18.104.22.168) DNS servers. Use a different monitor IP for each gateway, because pfSense adds a static route to the monitor IP through that specific gateway. Make sure that Disable gateway monitoring and Disable gateway monitoring action are both unchecked.
In the next step, navigate to Gateway Groups and click Add.
In this gateway group, we combine both ISPs so the available bandwidth is increased. The group Name is WANCOMBINE. Gateway Priority must be Tier 1 for both gateways; two members on the same tier are load-balanced, while a member on a lower tier would only be used for failover. Trigger Level is Member Down. Then save.
After that, we need to create a firewall rule that directs LAN traffic to the newly created gateway group.
There is one default rule in the LAN section. You can copy that rule and change it as you require, or add a new rule. I will continue by adding a new rule.
In the new rule: Action – Pass, Interface – LAN, Protocol – Any, Source and Destination – Any. Expand the Advanced Options, find Gateway, select WANCOMBINE, and save.
Make sure that the newly created rule sits at the top of the LAN rules, directly after the Anti-Lockout Rule, so it matches before the default rule.
Now the bandwidth of both ISPs is combined. You can test and verify this using speed-test sites.
For failover testing, force one gateway down from its gateway edit page. All clients will then be served through the remaining ISP (WAN). Bring the gateway back up and the firewall will again load-balance the clients across WAN and WAN2.
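As an added check that is not part of the original post, the script below reads a pfSense config.xml backup and verifies the three settings this how-to depends on: gateway monitoring enabled with a monitor IP on each WAN, the WANCOMBINE group with both members on Tier 1 and trigger Member Down, and the first LAN rule policy-routing through the group. The XML sample is constructed for the demo; the element names (gateway_item, gateway_group, item in name|tier|vip form, monitor_disable, action_disable) follow config.xml as I know it and are an assumption to confirm against your own backup.

```python
import xml.etree.ElementTree as ET

# Constructed config.xml fragment (not from the post); element names follow
# pfSense's config.xml layout as I know it and should be checked against a real backup.
SAMPLE_CONFIG = """<pfsense>
 <gateways>
  <gateway_item><name>WAN_GW</name><interface>wan</interface>
   <gateway>203.0.113.1</gateway><monitor>192.0.2.10</monitor></gateway_item>
  <gateway_item><name>WAN2_GW</name><interface>opt1</interface>
   <gateway>198.51.100.1</gateway><monitor>192.0.2.20</monitor></gateway_item>
  <gateway_group><name>WANCOMBINE</name>
   <item>WAN_GW|1|address</item><item>WAN2_GW|1|address</item>
   <trigger>down</trigger></gateway_group>
 </gateways>
 <filter>
  <rule><type>pass</type><interface>lan</interface><gateway>WANCOMBINE</gateway>
   <source><any/></source><destination><any/></destination></rule>
 </filter>
</pfsense>"""

def check_multiwan(xml_text, group="WANCOMBINE"):
    """Return a list of findings; an empty list means the config matches the how-to."""
    root = ET.fromstring(xml_text)
    findings = []
    # Step 1: every gateway needs a monitor IP, and monitoring plus its action must stay enabled
    for gw in root.iterfind("./gateways/gateway_item"):
        name = gw.findtext("name", "?")
        if not gw.findtext("monitor"):
            findings.append(f"{name}: no monitor IP set")
        for flag in ("monitor_disable", "action_disable"):
            if gw.find(flag) is not None:  # element present means the box is checked
                findings.append(f"{name}: {flag} is checked")
    # Step 2: the group must exist, use Tier 1 for every member and trigger on Member Down
    grp = next((g for g in root.iterfind("./gateways/gateway_group")
                if g.findtext("name") == group), None)
    if grp is None:
        return findings + [f"gateway group {group} not found"]
    members = [item.text.split("|") for item in grp.iterfind("item")]  # name|tier|vip
    if len(members) < 2:
        findings.append(f"{group}: fewer than two member gateways")
    for member, tier, *_ in members:
        if tier != "1":
            findings.append(f"{group}: {member} is Tier {tier}, so it is failover-only")
    if grp.findtext("trigger") != "down":
        findings.append(f"{group}: trigger is not Member Down")
    # Step 3: the first LAN rule must policy-route through the group
    lan = [r for r in root.iterfind("./filter/rule") if r.findtext("interface") == "lan"]
    if not lan or lan[0].findtext("gateway") != group:
        findings.append("first LAN rule does not send traffic to the gateway group")
    return findings
```

Run it against the XML exported from Diagnostics – Backup & Restore; any finding returned names the step above that still needs attention.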
Have a nice day.
LAN 1 and LAN 2 do not communicate after adding load balancing to the LAN 1 and LAN 2 firewall rules.