How to Set Up Failover and Load Balancing in pfSense
Step 4: Configuring Gateway Group
10. After configuring Gateway monitoring, click on Groups to create a Gateway Group. Click the + button on the right to add a new gateway group.
11. Give the group a Group Name, choose a Tier for WAN1 and WAN2, and click Save to apply the changes.
I have provided my group name as TecmintADSL and chosen Tier1. To obtain a load balancer, we have to select more than one gateway in the same tier.
Step 5: Configuring Firewall Rules
12. After creating the group, it’s time to create firewall rules for it. To assign the rules, navigate to “FIREWALL” in the top menu and choose “RULES”.
Choose the LAN interface and edit its configuration.
13. At the bottom of the page, click on Advanced under the Gateway option, choose the created Gateway Group “TecmintADSL”, and click on Save to apply the changes and make them permanent.
After applying the modifications, you can see the gateway and advanced icon as shown below.
We have successfully set up our load balancer. Now let us verify how it works.
Step 6: Testing LoadBalancer
14. To verify the load balancer, go to ‘Status’ in the top menu and click on “Gateways” to verify that both gateways are online.
15. To get a real-time graph, we can use “Traffic Graph” under the “Status” menu.
Step 7: Set Up Failover Using pfSense
16. To set up failover in pfSense, we need to create different tiers. Navigate to the “System” menu and choose “Routing”. There we can see the gateways already assigned for the load balancer, so let’s create two groups for failover now.
Choose “Groups” under System: Gateway Groups. Here we will create two groups, the first for WAN1 and the second for WAN2. If WAN1 fails, traffic will automatically switch to WAN2, and vice versa.
Create a group named WAN1Failover and choose WAN1 with Tier1 and WAN2 with Tier2, so that if WAN1 fails it will switch to WAN2. Choose Packet Loss for Trigger Level. Whenever the ping to the DNS server shows packet loss, it will switch to WAN2.
17. Follow the same instructions to create the WAN2Failover group. Choose WAN2 with Tier1 and WAN1 with Tier2, so that if WAN2 fails it will switch to WAN1. Choose Packet Loss for Trigger Level. Here too, whenever the ping to the DNS server fails, it will switch to WAN1.
Now we have three groups: the first for load balancing, the second and third for failover.
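How the three groups resolve to an active gateway under different link conditions, as an added Python sketch (not part of the original guide and not pfSense's own code). It assumes a 20% packet-loss threshold and constructed monitor readings, and takes WAN2Failover as WAN2 in Tier1 with WAN1 in Tier2.

```python
# Added illustration: simplified model of gateway-group tier selection.
# Not pfSense source code; the threshold and sample readings are constructed.
from dataclasses import dataclass

@dataclass
class Gateway:
    online: bool       # does the monitor IP answer at all?
    loss_pct: float    # measured packet loss to the monitor IP

LOSS_THRESHOLD = 20.0  # assumed packet-loss limit in percent

def is_usable(gw, trigger):
    """Apply the group's Trigger Level to one gateway."""
    if not gw.online:
        return False
    if trigger == "Packet Loss":
        return gw.loss_pct < LOSS_THRESHOLD
    return True  # "Member Down": only a dead gateway is excluded

def active_members(group, gateways, trigger="Packet Loss"):
    """Usable members of the lowest-numbered tier that has any."""
    for tier in sorted(set(group.values())):
        usable = sorted(name for name, t in group.items()
                        if t == tier and is_usable(gateways[name], trigger))
        if usable:
            return usable
    return []  # every member is down: nothing can route via this group

# The three groups from this guide (member -> tier).
GROUPS = {
    "TecmintADSL":  {"WAN1": 1, "WAN2": 1},   # same tier: load balancing
    "WAN1Failover": {"WAN1": 1, "WAN2": 2},   # WAN1 preferred
    "WAN2Failover": {"WAN2": 1, "WAN1": 2},   # WAN2 preferred
}

def resolve_all(gateways, trigger="Packet Loss"):
    return {name: active_members(group, gateways, trigger)
            for name, group in GROUPS.items()}

if __name__ == "__main__":
    # Constructed readings: both links healthy, then WAN1 losing 35% of pings.
    healthy = {"WAN1": Gateway(True, 0.0), "WAN2": Gateway(True, 1.0)}
    lossy = {"WAN1": Gateway(True, 35.0), "WAN2": Gateway(True, 1.0)}
    for label, state in (("both healthy", healthy), ("WAN1 lossy", lossy)):
        print(label, resolve_all(state))
```

With the trigger set to "Member Down" instead of "Packet Loss", the lossy WAN1 link in this model stays in use, which is why the trigger level matters for links that degrade without dropping entirely.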
Step 8: Configure Firewall Rules for Failover
18. Now we need to assign firewall rules for failover. To configure them, navigate to “Firewall” and choose “Rules”. Under LAN we have to add new rules for failover.
Click on the + symbol on the right side to add new rules.
Make changes to the options below.
- Interface = LAN
- Protocol = any
- Source = LAN net
- Description = Whatever you wish for the failover rule.
Under the advanced settings for Gateway, choose WAN1Failover and save. Repeat the same instructions to configure WAN2Failover.
19. After adding the above rules, you can see the rules listed below for both the load balancer and failover.
20. Now it’s time to assign at least one DNS server for our gateway, apply the changes, and make sure to check the status of our gateway.
From the “System” menu choose “General Setup” and check the DNS servers that we have assigned under each gateway.
Choose “Status” menu and click on “Gateways” to get the status.
That’s it, we have successfully deployed failover in pfSense.
The above pfSense load balancer and failover setup can be used in home or office environments only if you have dual ISP connections. Instead of paying for a branded dedicated router with LB options, we can use this setup to build an LB with failover.