pfSense Load Balancing

pfSense load balancing

Creating a load balancing pool in pfSense 2.2.4.

In the previous article, we covered how to set up load balancing for a multi-WAN configuration. In this article, we will cover load balancing and failover in cases that don’t involve multiple WAN interfaces.

pfSense Load Balancing

To configure a pfSense load balancing pool, log into the pfSense web GUI and navigate to Services -> Load Balancer. On the Pools tab, click the plus button. This will take you to the Load Balancer configuration page.

In the Name field, fill in a name for the failover pool up to 16 characters in length. This will be the name used to refer to this pool in the Gateway field in the firewall rules. In the Description field, you may enter a description for your own reference. The Description field is optional and does not affect functionality, while the Name field is required. For Mode, select either Load Balance to set up a load balancing pool. In Port, enter the port your servers are listening on, and in Retry specify how many times to check a server before declaring it to be down. In Monitor, select the protocol to be used for monitoring the servers (usually ICMP). In Server IP Address, you enter the IP address that will determine whether the chosen interface is available. If pings to this address fail, this interface is marked as down and is no longer used until it is accessible again.

After selecting an interface and choosing a monitor IP, you can press the Add to pool button to add the interface. After adding the first interface to the pool, select the second interface, sselect its monitor IP, and press Add to pool again. When finished adding interfaces to the pool, press save, and then press Apply changes on the next page.


Failover refers to the ability to use only one WAN connection, but switch to another WAN if the preferred connection fails. This is useful in situations where you want certain traffic, or all of your traffic to utilize one specific WAN connection unless it is unavailable.

To set up a failover group, navigate to Services -> Load Balancer, and click on the plus button, the same as you would when configuring a load balancing pool. In the Name field, fill in a name for the failover pool (again, up to 16 characters in length). In the Description field, you may enter a descripton for your reference.

For the Mode, select Failover. In Port, enter the port your servers are listening on, and in Retry, enter the number of times the server should be checked before being declared to be down. In the Monitor field, set a protocol for monitoring, and in Server IP Address, set the monitor IP. Once you have entered all this information, you can press the Add to pool button. You have added the first interface.

Since this is a failover pool, the first interface aded while be used as long as its monitor IP is responding to pings. If the first interface added to the pool fails, the second interface in the pool will be used. Make sure you add the interfaces to the pool in order of preference. The first in the list will always be used unless it fails, at which point the remaining interfaces in the list are fallen back on in top down order.

Additional interfaces can be added by entering the information for them and clicking Add to pool again. When finished adding interfaces to the pool, press Save, and then Apply Changes on the next page.


External Links:

Inbound Load Balancing on doc.pfsense.org
How to Use pfSense to Load Balance Your Servers on howtoforge.com

pfSense Load Balancing: Part Two

In part one on my series on pfSense load balancing, we configured the two WAN gateways. In part two of this series on pfSense load balancing, we will set up a load balanced gateway group.

pfSense Load Balancing: Configuring Interfaces for MultiWAN

pfSense Load Balancing

Configuring the WAN interface.

First, we must configure the interfaces. Navigate to Interfaces -> WAN. and click on “Enable Interface” if it is not already checked. At “Type“, change the interface type to “Static“. At “Static IP Configuration“, type in an IP address (in this case, 192.168.3.12). Select “24” in the drop-down box next to the IP address edit box, to indicate the proper network prefix. This is important, because if the network prefix is not set, we will not be able to enter a monitor IP address later on. At “Gateway“, specify the WAN gateway (192.168.3.11). Set Leave “Block private networks” and “Block bogon networks” checked. Press the “Save” button to save the changes and on the next page press “Apply changes” if necessary.


Now the OPT1 interface must be configured. Navigate to Interfaces -> OPT1 and click on “Enable Interface”. At “Type“, change the interface type to “Static“. At “Static IP Configuration”, type in an IP address (in this case, 192.168.3.2). Again, select “24” in the drop-down box to indicate the network prefix. At “Gateway“, specify the WAN gateway (192.168.3.1).Again, leave “Block private networks” and “Block bogon networks” checked. Press the “Save” button to save the changes and on the next page press “Apply changes” if necessary.

pfSense Load Balancing: Creating the Gateway Group

pfSense Load Balancing

Adding a gateway group in pfSense 2.0.

Now that both interfaces are configured, we can create the gateway group. Navigate to System -> Routing and click on the “Groups” tab. At “Group Name”, enter a name (e.g., “MultiWAN”). At “Gateway Priority“, set both WAN and WAN2 to “Tier 1”. Leave the “Trigger Level” at “Member Down”, and at “Description“, enter a description (e.g., “WAN gateway group”).Press the “Save” button to save the changes and on the next page press “Apply changes” if necessary.


Before we go any further, we may want to enter a Monitor IP. Click on the “Gateways” tab at System -> Routing and click on the “edit” button for WAN. At “Monitor IP“, enter an alternative monitor IP or domain name (I opted for Google, so I entered Google’s IP, 173.194.43.33). Once this is done, click the “Save” button to save changes. Repeat this procedure for the WAN2 interface (it would be prudent to choose a different monitor IP, so that a failure of the host selected for the monitor IP does not result in pfSense thinking both gateways are down). Once you have pressed the “Save” button on the WAN2 configuration page, press “Apply Changes” on the next page if necessary.

pfSense Load Balancing: Adding a Firewall Rule

Now all that is left to do is to configure a firewall rule. Navigate to Firewall -> Rules and click the “plus” button to create a new firewall rule. At “Action“, select “pass” in the drop-down box. At “Interface“, be sure to select the LAN interface. At “Protocol“, set the protocol to “any”. At “Source“, set the source to “any”, and at “Destination”, set the destination to any. At “Description“, add a description. Scroll down to “Advanced features” and press the “Advanced” button next to “Gateway“. Select “MultiWAN” as the gateway. Then press “Save” to save the changes and on the next page, press “Apply Changes” if necessary.

Now, all traffic from our LAN will go through the gateway group. Since the gateway group consists of two WAN gateways on the same level of priority, traffic will alternate back and forth in round-robin fashion. Also, because each gateway within the group is monitoring an external IP address, pfSense will know when a gateway is down and exclude that member from the group.

Other Articles in This Series:

pfSense Load Balancing: Part One

pfSense Load Balancing: Part Three (Web Server Failover)

External Links:

Configure Load Balancing on Your Site Using the pfSense Firewall

pfSense Load Balancing: Part One

pfSense Load Balancing

Configuring OPT1 as WAN2 so we can set up a gateway group later on.

In computer networking, load balancing is a method for distributing workloads across multiple computers or a computer cluster, network links, CPUs, storage devices, or other resources. When load balancing is employed, we are looking not just to distribute workloads but to optimize resource use, maximize throughput, minimize response time, and avoid overhead. Using multiple components with load balancing instead of a single company can also increase reliability through redundancy. Load balancing has implicit failover capabilities, since load balancing software is capable of detecting when a resource (e.g. network interface, hard drive) is down and excludes it from the group. Load balancing is usually provided by dedicated software or hardware, such as a multilayer switch or a Domain Name System process, or, as we shall soon see, through pfSense. In this article, I will begin our look at pfSense load balancing.


pfSense Load Balancing: Gateway Configuration

As an example, let’s assume we want to set up multiple WAN interfaces and use load balancing on the group. A default WAN gateway was already created when pfSense was set up. In this example, we will use OPT1 as an additional gateway, and then add both the default interface and OPT1 to a newly-created gateway group, which will employ pfSense load balancing to distribute the workload in round-robin fashion.

The first part of our configuration follows the steps outlined in my <a href=”http://pfsensesetup.com/pfsense-gateways/”>article on gateways</a>. In order to set up our second gateway, first browse to System -> Routing. Click on the “Gateway” tab, if it is not already selected. Click on the “plus” button to add a new gateway. At “Interface”, select OPT1 in the drop-down box. At “Name”, type a name, such as “WAN2”. At “Gateway”, type in the IP address of the network interface (in this case, 192.168.3.1). Check “Default Gateway”, and at “Description”, add a description. Then press the “Save” button to save changes, and, if necessary, press the “Apply changes” button on the next screen.


Next, we will make some changes to the WAN interface (the one described as “Interface WAN Dynamic Gateway”). From the Gateways tab, click on the “edit” button. We can leave “Interface and Name” unchanged, but at “Gateway” we will type an IP address (in this case, 192.168.3.11). Click on “Default Gateway” and change the description to something appropriate (e.g. “WAN gateway). Then press the “Save” button to save the changes, and press the “Apply Changes” button if necessary.

Now we have the two interfaces configured correctly. In part two of this series on pfSense load balancing, we will take our newly-configured WAN interfaces and add them to a gateway group, and configure load balancing for the group.

Erratum: The Original Instructions I Posted Contained an Error, and Here’s Why

It occurred to me when composing Part Two of this article that I made a mistake. I set the WAN gateway to 192.168.4.1 originally; however, since WAN2 is on the 192.168.3.0 subnet, and both WAN gateways will likely be connecting to the same network, they should be on the same subnet. Therefore, I amended the instructions for Part One so that WAN is set to 192.168.3.11. I apologize for any confusion I may have caused.

Other Articles in This Series

pfSense Load Balancing: Part Two

pfSense Load Balancing: Part Three (Web Server Failover)

External Links:

Load Balancing at Wikipedia

Setup Incoming pfSense Load Balancing at doc.pfsense.org

Multi-WAN Load Balancing at pfsensesolution.blogspot.com

© 2013 David Zientara. All rights reserved. Privacy Policy