28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

MENU

nixCraft
LinuxandUnixtutorialsfornewandseasonedsysadmin.

HowtoconfigurepfSenseasmultiwan(DUALWAN)
loadbalancefailoverrouter
byVIVEKGITEonAUGUST3,2016lastupdatedAUGUST4,2016
inFREEBSD,HARDWARE,UNIX

H owdoIsetupamultiWANloadbalancingandfailoveronpfSense
routerwithtwoADSLorcableorleasedlineorFTTH(Fibertothe
home)connections?

InthistutorialyouwilllearnhowtoconfigurepfSensetoloadbalanceandfailovertraffic
fromaLANtomultipleInternetconnections(WANs)i.e.dualwan.

GanheatR$2.300 GanheatR$1.000 GanheatR$300

GanheatR$1.300 GanheatR$700 GanheatR$2.000

Whyandhowtosetupadualwanrouter?

Adualwansetupallowsyoutoincreaseyourinternetbandwidth.Youcanloadbalance
trafficasperyourneeds.Youcangetinternetconnectionredundancyandfailover.Ifone
connectiongoesdownyourtrafficwillberoutedautomaticallytoabackupconnection.

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 1/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Requirements

TwointernetconnectionsfromtwodifferentISPs.YoucanmixmatchADSL/FTTH/4G
LTE/Cable/T1/FIOSconnectionasperyourneeds.

1.pfSenserouterwiththreenetworkports(NICS).
2.TwoISPmodemswithnetworkport(NIC)
3.StaticordynamicIPsfromISPs
4.MonitorIP#1forISP#18.8.8.8(googlednsIP)
5.MonitorIP#2forISP#2208.69.38.205(opendnsIP)

Oursamplesetup

Fig.01:Whatyoullneedtogetstartedwiththissetup

1.IhavetwoISPmodems+routerswithdynamicIPaddressassigned.
2.YouneedtoconnecteachmodemwithpfsenseusinganEthernetconnection.
3.YouneedtoconnectanetworkswitchtopfsenseusinganEthernetconnection.
4.Allsystems/servers/printers/wifionLANuses172.16.1.254/24subnetwith
172.16.1.254asadefaultgateway.

Configuration

Beforestarting,makesurealloftheWANtypeinterfacesareenabledwithstaticIPWANs
andwithagatewaysetasdescribedabove.

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 2/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Step1:ConfigurepfsenseLANinterface
OpenpfSensewebinterfaceusinghttp://172.16.1.254/>Interfaces>LANandsetitas
followsasper(fig.01):

Fig.02:LANinterfacesettings

Step2:Configurepfsensewan01interface(ADSLISP#1)
OpenpfSensewebinterfaceusinghttp://172.16.1.254/>Interfaces>WAN01andsetitas
followsasper(fig.01):

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 3/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Fig.02:Wan01(ADSLISP1)interfacesettings

NowthefirstWANinterfaceconfiguredwithaStaticIPfromtheInterfacesmenu.Ifyou
wantyoucansettypetoDHCPdependingonyourISP1modemsettings.Nextmakesure
thegatewayIPrespondstopingtoconfirmthatWAN1isactuallyonlineandworking
beforeproceeding.YoucandothisfrompfSenseitselfbyvisitingDiagnostics>Ping:

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 4/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

MakesuretheISP#1gatewayrespondstopingtoconfirmthateachWAN1isactuallyonline

Step3:Configurepfsensewan02interface(ADSLISP#2)
OpenpfSensewebinterfaceusinghttp://172.16.1.254/>Interfaces>WAN02andsetitas
followsasper(fig.01):

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 5/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Fig.03:Wan02(ADSLISP2)interfacesettings

NowthesecondWANinterfaceconfiguredwithaStaticIPfromtheInterfacesmenu.Ifyou
wantyoucansettypetoDHCPdependingonyourISP2modemsettings.Nextmakesure
thegatewayIPrespondstopingtoconfirmthatWAN2isactuallyonlineandworking
beforeproceeding.YoucandothisfrompfSenseitselfbyvisitingDiagnostics>Ping:

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 6/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

MakesuretheISP#2gatewayrespondstopingtoconfirmthateachWAN2isactually
online

Step4:Confirmbothgatewaysareonline
Oncebothgatewayshavebeendefined,visitStatus>Gateways:

Fig.04:Wangatewaysstatusmustbegreen

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 7/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Iftheyregreen,theconnectiontothegatewayisOKandyouneedtoconfiguremonitorIP.

Step5:ConfiguremonitorIPforeachgateway
VisitSystem>Routing>SelectGatewaystabandyouwillseeascreenasfollowswith
privateIPsetasmonitorIPforeachgateway:

Fig.05:EnsureagatewayentryexistsforeachWANinterface

Clickoneditgatewayicon(button)forwan_adsl2_l1GW(default)andsetmonitorIPto
8.8.8.8:

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 8/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Fig.06:SetmonitorIPforWAN1(ADSLISP#1)

Next,clickoneditgatewayicon(button)forWAN_ADSL2_L2(ADSLISP#2)andset
monitorIPto208.69.38.205:

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 9/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Fig.07:SetmonitorIPforWAN2(ADSLISP#2)

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 10/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Thegatewayconfigurationhasbeenchanged.Thechangesmustbeappliedforthemto
takeeffect.SoclickontheApplyChangesbutton.

Step6:ConfiguringdualWANlinkloadbalancer
Finally,youarereadytoconfigurethepfSenseasaLoadBalancerbyvisitingSystem>
Routing>SelecttheGatewayGroups>ClicktheAddbutton:

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 11/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Fig.08:Dualwanloadbalancerconfig

Where,

SetGroupNametoWanLoadBalancer.
SetGatewayPriorityforbothgatewaystoTier1.Pleasenotethatwhentwo
gatewaysareonthesametier(e.g.Tier1),theywillloadbalance.Thismeansthaton
aperconnectionbasis,connectionsareroutedovereachWANinaroundrobin
manner.Ifanygatewayonthesametiergoesdown,itisremovedfromuseandthe
othergatewaysonthetiercontinuetooperatenormally.
SetTriggerLeveltoMemberdown.
SetDescriptiontoMyDualADSLWanLinkLoadBalancer
FinallyclicktheSave>ApplyChangesbutton.

Step7:Configuringlinkfailover
Next,configurethepfSenseasafailoverforwanconnectionsbyvisitingSystem>
Routing>SelecttheGatewayGroups>ClicktheAddbutton:

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 12/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Fig.09:LinkfailoverforADSLlink1(wan1/isp1)

Whentwogatewaysareondifferenttiers,thelowertiergateway(s)arepreferred.Ifalower
tiergatewaygoesdown,itisremovedfromuseandthenexthighesttiergatewayisused.
ThisishowfailoverworksonpfSense.SotosetlinkfailoverforADSL1:

SetGroupNametoADSLLinkFailover2
SetGatewayPrioritywan_adsl2_l1GW(ISP1)toTier1
SetGatewayPrioritywan_adsl2_l2GW(ISP2)toTier2
SetTriggerLeveltoMemberdown
SetDescriptiontoLinkfailoverforADSL1

SetlinkfailoverforADSL2asfollowsandswapGatewayPriority:

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 13/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Fig.10:LinkfailoverforADSLlink2(wan2/isp2)

FinallyclicktheSave>ApplyChangesbuttontofinishtheLBandfailovergateway
configuration.

Step7:Configuringthefirewallrulesforloadbalancer
YouneedtopasstraffictotheseLBsusingtheGatewaysettingonfirewallrules.Clickon
Firewall>Rules>Lan>Addandsetitasfollows:

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 14/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Fig.11:LBfirewallrule

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 15/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

ClickontheDisplayadvancedbutton>scrolldown>findGatewayoptionandsetitto
WanLoadBalancer:

SetgatewaytoWanLoadBalancer

ClicktheSave>ApplyChangesbuttontosavefirewallrules.

Step8:Configuringthefirewallrulesforfailover
YouneedtopasstraffictothesefailovergatewaysusingtheGatewaysettingonfirewall
rules.ClickonFirewall>Rules>Lan>Addandsetitasfollows:

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 16/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Fig.12:FailoverfirewallruleforISP1/ADSL1link

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 17/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

ClickontheDisplayadvancedbutton>scrolldown>findGatewayoptionandsetit
toADSLLinkFailover1:

SetgatewaytoADSLLinkFailover1

ClicktheSave>ApplyChangesbuttontosavefirewallrules.Repeatthefirewallrulefor
ADSLLinkFailover2.

Step9:Clientconfiguration
MakesureyouassignalltheIPaddressesinthefollowingrangetoyourclientcomputers:

Network:172.16.1.254/24
IPranges:172.16.1.1to172.16.1.253
Defaultgateway:172.16.1.254
DNSserver:172.16.1.254(or8.8.8.8/8.8.4.4)

Testitasfollowsfromclientsystem(ImusingOpenBSD):

$ifconfigvio0
$netstatnrfinet
$pingc2google.com
$hostcyberciti.biz172.16.1.254

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 18/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Sampleoutputs:

Fig.13:TestingyourpfSenseLB/Failoverrouter

Youcanrunaspeedtestusingfast.comorspeedtest.net.Youwillnoticeanduseboth
internetconnectionwhenusingTorrentsanddownloadingalargefilefromloadbalancing.
Youcanusethespeedtestcliasfollowstoverifythatbandwidthisdoubledfromaclient
computer:

$pythonspeedtestcli

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 19/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Ifoneinternetconnectionsgoesdown,youwillbestillconnectedviafailover.

Whatnext?

Youwillgetthewan(internet)connectionredundancyandloadbalancingbutnottherouter
redundancy.Yourinternetconnectionwillgodown,ifyourpfSenserouterfaileddueto
hardwareproblems.Thisdrawbackcanbeaddressedusingrouterredundancysetup.

Sharethistutorialon:
Twitter Facebook Google+ DownloadPDFversion Foundanerror/typoonthispage?

Abouttheauthor:VivekGiteisaseasonedsysadminandatrainerfortheLinux/Unix&shell
scripting.FollowhimonTwitter.ORreadmorelikethis:
EnableLinuxdualcoreCPUsupportformyServer
HowtoinstallhtoponpfSensefirewall
HowToPFSenseConfigureNetworkInterfaceAsABridge/NetworkSwitch
CentosInstallandConfigureMRTG
Howto:Linuxdetectorfindoutadualcorecpu
HowToInstallpfSenseFirewallOnaHardDiskDriveWithSerialConsole
HowdoIviewmyLinuxorUNIXserverbandwidthusage?
FreeBSD:NICBonding/LinkAggregation/Trunking/LinkFailover
WhatdoIdoifmyLinuxServer/Workstationdoesnotboot?
CentOS/RedhatLinux:InstallKeepalivedToProvideIPFailoverForWeb

{6commentsaddone}

thiagoc August3,2016,10:19pm

tire>tier

REPLY LINK

VivekGite August4,2016,3:53am
Thanksfortheheadsup!

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 20/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

REPLY LINK

ewhyTech August4,2016,9:39am

Itsimportanttonotethatthesetup,above,shouldhaveaStaticIPaddress
assigned,bytheISP.MostbusinessaccountswillincludeafewStaticIPs(anywherefrom
316addresses),aspartoftheserviceagreement.

However,ifyouretryingthisonaprivateISPconnection,youlleitherhavetoaskyourISP
forasStaticIPaddress.OryoullhavetoconfigyourWANinterfacetograbanaddressvia
DHCP,first.And,then,eitheruseasis.

Or,reconfiguretheWANinterfacetousetheDHCPaddressasastaticaddress.

[NOTE:GrabbinganIPviaDHCP,thenenteringitasaStaticIP,willBREAKyour
configuration,intheeventthatyourISPupdatestheirnetwork,orthereisalongterm
poweroutage.orjustanythingthatmaycauseyourISPModem(orpfSens)torefresh
theDHCPLease.]

REPLY LINK

Alex August5,2016,12:58am

Howdoesthissetuphandlesnat?Ifthereisawebserverorftpserverworking
withintheinternalnetworkwillitcontinuetoworkifoneoftheISPsgoesdown?Istherea
specificwaytoconfigurenat/rulesiftheuserwantstohostemailorwebservicesbehind
thatrouter?

REPLY LINK

Mark August5,2016,12:33pm

CanweaddasmanyWANconnectionsaswewant(withinhardwarelimits)?

REPLY LINK

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 21/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

FranciscoGonzalez August5,2016,1:21pm

Nicetutorial!justonething,theSSLtraffic,Ivenoticedproblemswithappslike
bankingandCPanel,lastonecomplainssamesessionwith2differentsIPsandyouget
totheloginpageagain,personallyIseparatetheSSLtrafficfromHTTPusingsourceport
inthefirewallrulesandusingfailoverruleslikeyoushowusforSSLonly.

Againverynicetutorial!

Francisco

REPLY LINK

Security:Areyouarobotorhuman?

No sou um rob
reCAPTCHA
Privacidade - Termos

LeaveaComment

Name

Email

Comment

ReceiveEmailNotifications?
yes,repliestomycomment instantly
Or,youcansubscribewithoutcommenting.

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 22/23
28/10/2016 How to congure pfSense as multi wan (DUAL WAN) load balance failover router

Submit

YoucanusetheseHTMLtagsandattributes:<strong><em><pre><code><ahref=""
title="">

Taggedwith:Advanced

NextFAQ:HowtoseeCPUtemperatureonCentOS7andRedHatEnterpriseLinux7
PreviousFAQ:PHPfpmTooManyOpenFiles24Error(setopenfiledescriptorlimit)

Tosearch,typeandhitenter

20002016nixCraft.Allrightsreserved.PrivacyTermsofServiceQuestionsorComments

http://www.cyberciti.biz/faq/howto-congure-dual-wan-load-balance-failover-pfsense-router/ 23/23