Training: Multi-WAN
Netgate pfSense Plus Fundamentals — Section 8: Multi-WAN
Overview, redundancy, load balancing, gateway groups, and best practices for multiple Internet connections.
Multi-WAN Overview
Use of multiple Internet connections for:
- Redundancy (common)
- Bandwidth aggregation
- Load balancing
Multi-WAN Best Practices
Internet connectivity selection considerations:
| Consideration | Description |
|---|---|
| Performance | Evaluate throughput, latency, and reliability of each link. |
| Cable path | Use physically diverse paths to avoid single points of failure. |
| Disparate ISP networks | Use different ISPs to reduce the risk of a common outage. |
| Plan for failure! | Always design with failure scenarios in mind. |
| Usage scenarios for load balancing | Understand traffic patterns before implementing load balancing. |
Multi-WAN Gateways
Each gateway defines an Internet connection.
- Monitor IP can be changed.
- Advanced parameters available (latency and packet loss thresholds).
Multi-WAN Gateway Groups
Gateway groups are containers of gateways (Internet connections).
| Attribute | Description |
|---|---|
| Tiers 1-5 | Lowest tier number is highest priority. |
| One or more gateways per tier | Multiple gateways can share a tier. |
| Usage | Applied via policy routing, IPsec, OpenVPN, Dynamic DNS. |
Multi-WAN Outbound Traffic
Controlled via policy routing:
- Firewall rules specifying a gateway.
- Matching traffic is forced to the specified gateway.
- Overrides routing table in all circumstances.
Multi-WAN Inbound Traffic
- Port forwards and 1:1 NAT are specific to one WAN.
- Duplicate port forwards for additional WANs.
- Add 1:1 NAT entries for additional WANs.
- Update how traffic comes in (DNS updates).
- Dynamic DNS on gateway group.
- Multiple inbound options always live (e.g., email — one MX record per WAN).
Section 8 Summary
| Key Point | Detail |
|---|---|
| Rule ordering | First match wins. |
| Bypass rule | A bypass rule may be required. |
| Gateway forcing | Matching traffic is forced to gateway. |
| Monitor IP | Use appropriate monitor IP per WAN. |
| Load balancing | Load-balance over equal-size links. |
| Per-flow balancing | Load-balancing is per-flow, not per-packet. |
| Reference | Check the Multi-WAN section of the book! |
Source: Netgate pfSense Plus Fundamentals and Practical Application — Section 8 (Multi-WAN).
© 2017 Rubicon Communications, LLC dba Netgate.
Next Module: Training Lab 8: Multi-WAN