Jump to content

Training: Multi-WAN

From MediawikiCIT
Revision as of 07:06, 23 April 2026 by Justinaquino (talk | contribs) (Created page with "__NOTOC__ <div style="background:#e6f3ff;border:1px solid #0066cc;padding:10px;margin-bottom:15px;"> '''Netgate pfSense Plus Fundamentals — Section 8: Multi-WAN'''<br/> <i>Overview, redundancy, load balancing, gateway groups, and best practices for multiple Internet connections.</i> </div> == Multi-WAN Overview == Use of multiple Internet connections for: * '''Redundancy''' (common) * '''Bandwidth aggregation''' * '''Load balancing''' == Multi-WAN Best Practices ==...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


Netgate pfSense Plus Fundamentals — Section 8: Multi-WAN
Overview, redundancy, load balancing, gateway groups, and best practices for multiple Internet connections.

Multi-WAN Overview

Use of multiple Internet connections for:

  • Redundancy (common)
  • Bandwidth aggregation
  • Load balancing

Multi-WAN Best Practices

Internet connectivity selection considerations:

Consideration Description
Performance Evaluate throughput, latency, and reliability of each link.
Cable path Use physically diverse paths to avoid single points of failure.
Disparate ISP networks Use different ISPs to reduce the risk of a common outage.
Plan for failure! Always design with failure scenarios in mind.
Usage scenarios for load balancing Understand traffic patterns before implementing load balancing.

Multi-WAN Gateways

Each gateway defines an Internet connection.

  • Monitor IP can be changed.
  • Advanced parameters available (latency and packet loss thresholds).

Multi-WAN Gateway Groups

Gateway groups are containers of gateways (Internet connections).

Attribute Description
Tiers 1-5 Lowest tier number is highest priority.
One or more gateways per tier Multiple gateways can share a tier.
Usage Applied via policy routing, IPsec, OpenVPN, Dynamic DNS.

Multi-WAN Outbound Traffic

Controlled via policy routing:

  • Firewall rules specifying a gateway.
  • Matching traffic is forced to the specified gateway.
  • Overrides routing table in all circumstances.

Multi-WAN Inbound Traffic

  • Port forwards and 1:1 NAT are specific to one WAN.
  • Duplicate port forwards for additional WANs.
  • Add 1:1 NAT entries for additional WANs.
  • Update how traffic comes in (DNS updates).
  • Dynamic DNS on gateway group.
  • Multiple inbound options always live (e.g., email — one MX record per WAN).

Section 8 Summary

Key Point Detail
Rule ordering First match wins.
Bypass rule A bypass rule may be required.
Gateway forcing Matching traffic is forced to gateway.
Monitor IP Use appropriate monitor IP per WAN.
Load balancing Load-balance over equal-size links.
Per-flow balancing Load-balancing is per-flow, not per-packet.
Reference Check the Multi-WAN section of the book!

Source: Netgate pfSense Plus Fundamentals and Practical Application — Section 8 (Multi-WAN).
© 2017 Rubicon Communications, LLC dba Netgate.

Next Module: Training Lab 8: Multi-WAN

Retrieved from "https://mediawiki.comfac.net/index.php?title=Training:_Multi-WAN&oldid=233"