Load Balancing & Failover

Now we are going to set up load balancing and failover. Let's look at the diagram from the pfSense tutorial again, and gather our required parameters before we begin.

Figure 12: pfSense block diagram

We need our interface IP gateway addresses and the address for an ISP DNS server used on the corresponding interface. We will be using the DNS address as the monitor address, to verify the interface is up and running via a simple ping to that address. The values in Table 2 are actual addresses I used for Cerberus. Your values may be different.

Interface IP address DNS address
Gateway Primary ISP

Gateway Secondary ISP (OPT1)
Table 2: IP address assignment

There are five steps to setting up failover and load balancing, one of which we have already accomplished.

  1. Set up Multi-WAN Configuration – done in Part 2.
  2. Set up Required Values – List DNS Servers, Turn on Sticky Sessions
  3. Define Failover Gateways – One for each WAN connection
  4. Set Up Load Balancing Gateway – Handles Round Robin Traffic Assignment
  5. Define Rules for LAN Traffic – Direct LAN Traffic to Load Balancer

We will also need to test load balancing and failover and write a rule for outbound HTTPS traffic. This rule will serve as an example of traffic that needs to bypass the load balancer and travel directly out a single selected ISP interface.

Since we have already set up Cerberus for multi-WAN, we'll jump to step two, setting values. We need to do two things here. The first is to make sure the two DNS addresses we are going to be using (, are listed under General Setup.

Figure 13: DNS address assignment

In Advanced Setup, we want to turn on sticky connections, so traffic started on a particular ISP WAN interface stays there, preventing sites that use your IP Address, such as your bank, from getting confused.

Figure 14: Enable Sticky Connections

I also recommend editing your Snort Whitelist (Services->Snort), ensuring DNS servers are automatically added. Depending on your ISP, DNS irregularities may cause Snort to block them, giving you a false failure.

Figure 15: Snort Whitelist auto-add DNS servers

The next step is setting up the failover gateways in the Load Balancer (Services->Load Balancer). Each failover gateway has a pool of interfaces, each with a monitoring IP. We have two pairs of Interface and Monitor IPs that need to be added to each pool. The only difference between the two gateways is the order of these pairs.

Pair One is the Primary ISP, and the WAN DNS Server:  [ WAN, ]

Pair Two is the Secondary ISP, and the OPT1 DNS Server:  [ OPT1, ]

The first pair in each gateway is the opposing interface, the one that it fails over to. The second is its own Interface. So the pools look like:

Figure 16: Failover gateway address pool

Here is the pool setup for the Primary ISP. Note that the Secondary ISP failover gateway only differs in pair order:

Figure 17: Primary Failover pool IP setup

With the failover gateways up, we can define the load balancer gateway – this looks just like our 2ndWanFailover gateway, except the behavior is Load Balancing instead of Failover.

Figure 18: Load Balancer gateway setup

With that, we have completed our Gateway setup:

Figure 19: Gateway setup complete
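
The consistency rules from the steps above can be checked mechanically before trusting a failover event. This added example is not from the article or from pfSense; it lints a constructed description of the setup, and the dictionary layout, the pool names PrimaryFailover and LoadBalance, the `own` field, the single-address whitelist and the RFC 5737 placeholder addresses are all assumptions.

```python
import ipaddress

# Constructed sample config. Addresses are RFC 5737 documentation placeholders,
# not the values from Table 2; the layout and two of the pool names are hypothetical.
CONFIG = {
    "dns_servers": ["192.0.2.53", "198.51.100.53"],      # General Setup
    "snort_whitelist": ["192.0.2.53", "198.51.100.53"],  # modelled as single addresses
    "pools": {
        "PrimaryFailover": {"behavior": "failover", "own": "WAN",
                            "pairs": [("OPT1", "198.51.100.53"), ("WAN", "192.0.2.53")]},
        "2ndWanFailover": {"behavior": "failover", "own": "OPT1",
                           "pairs": [("WAN", "192.0.2.53"), ("OPT1", "198.51.100.53")]},
        "LoadBalance": {"behavior": "balance", "own": None,
                        "pairs": [("WAN", "192.0.2.53"), ("OPT1", "198.51.100.53")]},
    },
}

def lint(cfg):
    """Return a list of problems; an empty list means the config follows the article's rules."""
    problems = []
    dns = {ipaddress.ip_address(a) for a in cfg["dns_servers"]}
    allow = {ipaddress.ip_address(a) for a in cfg["snort_whitelist"]}
    reference = None
    for name, pool in cfg["pools"].items():
        ifaces = [i for i, _ in pool["pairs"]]
        monitors = [ipaddress.ip_address(m) for _, m in pool["pairs"]]
        if len(set(ifaces)) != len(ifaces) or len(set(monitors)) != len(monitors):
            problems.append(f"{name}: interface or monitor IP repeated in pool")
        for iface, mon in zip(ifaces, monitors):
            if mon not in dns:
                problems.append(f"{name}: monitor {mon} ({iface}) not a listed DNS server")
            if mon not in allow:
                problems.append(f"{name}: monitor {mon} ({iface}) not in Snort whitelist")
        # Every pool must hold the same interface/monitor pairs; only the order may differ.
        current = set(zip(ifaces, monitors))
        if reference is None:
            reference = current
        elif current != reference:
            problems.append(f"{name}: pairs differ from the other pools")
        # Article's rule: a failover pool lists the opposing interface first, its own last.
        if pool["behavior"] == "failover" and ifaces and ifaces[-1] != pool["own"]:
            problems.append(f"{name}: own interface {pool['own']} should be the last pair")
    return problems

if __name__ == "__main__":
    for line in lint(CONFIG) or ["OK"]:
        print(line)
```

A monitor address missing from the Snort whitelist is the case worth catching early, since a blocked monitor looks identical to a dead WAN link.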
