search

✌️pfSense Network Gateway

Redundant Configuration (HA) Setup Procedure

This article will introduce how to build a highly available (HA) network gateway using pfSense. This FreeBSD-based open source software will help you achieve a stable network environment.

hashtag
What is pfSense?

pfSense is an open source router/firewall software based on FreeBSD that can implement various network functions such as router, firewall, VPN, and proxy. The configuration of the virtual network gateway when building ExpressRoute/Site-to-Site VPN is also described in the official documentation, so it can be used safely in many corporate environments.

hashtag
File preparation

1

hashtag
Download pfSense ISO file

Go to the official pfSense website (https://www.pfsense.org/download/arrow-up-right) and download the latest ISO image.

2

hashtag
Login to FPT Cloud Console

Go to https://console.fptcloud.jp/arrow-up-right and log in with the provided credentials.

3

hashtag
Uploading an ISO file

Select the downloaded pfSense ISO file and upload it to the portal. You will receive a confirmation message once the upload is complete.

hashtag
Network environment preparation

1

hashtag
Create a new subnet

In the FPT Cloud Console, create a new subnet according to your requirements, which will allow you to assign the necessary IP addresses to the network interfaces of pfSense.

2

hashtag
Creating a security group

Define security rules for your environment and create appropriate security groups to control communication and network traffic between pfSense virtual machines.

hashtag
Creating a pfSense Virtual Machine

1

hashtag
Compute Engine

Go to the Compute menu in the FPT Cloud console and click "Create Instance".

2

hashtag
Basic information settings

Set up an instance name (e.g. pfsense-master or pfsense-slave) and select the pfSense ISO you uploaded earlier in the ISO image option.

3

hashtag
Resource and network configuration

Select the appropriate resource size (CPU/RAM) for your needs and connect the necessary networks.

4

hashtag
Attaching a security group

Attach the security group you just created and create a virtual machine.

hashtag
HA (High Availability) Requirements

Minimum Requirements for High Availability (HA) Implementation

  • At least three IPs per subnet on the pfSense network interface (one for the master, one for the slave, and a virtual IP for external communication)

  • Layer 2 devices must support multicast

  • The upstream/ISP/router involved must have access to the virtual IP used by CARP

hashtag
Configuring the pfSense Interface

hashtag
New Network: Adding a card

  • Select "Assignment" from the "Interface" menu and click "Add" to add a new interface.

  • Double-click the OPT1 interface and enter the required information.

  • After setting, click "Save" and then "Apply Changes".

hashtag
Firewall: Creating rules

  • Select "Rules" from the "Firewall" menu and switch to the "Sync" tab

  • Click "Add" to create a new rule, and enter the required information.

  • Once you are done with the configuration, click "Save and Apply Changes".

  • Do the same configuration on both pfSense servers.

hashtag
Configuring CARP (High Availability Protocol)

hashtag
Configuring CARP on the Master

  • Select "High Availability Synchronization" from the "System" menu and enter the required information.

  • The username and password for the remote system specify the credentials of a high-privileged user on the pfSense slave virtual machine.

hashtag
Configuring CARP on the Slave

  • Similarly, select "High Availability Synchronization" from the "System" menu and enter the required information.

  • The settings will be different from those of the master, so please follow the instructions to set them appropriately.

PreviousSnapshotNextBlock Storage

Last updated

Was this helpful?