# pfSense Network Gateway

Redundant Configuration (HA) Setup Procedure

This article explains how to build a highly available (HA) network gateway with pfSense, FreeBSD-based open source software that helps you achieve a stable network environment.

## What is pfSense? <a href="#pfsensenetworkgateway-whatispfsense" id="pfsensenetworkgateway-whatispfsense"></a>

pfSense is open source router/firewall software based on FreeBSD that provides network functions such as routing, firewalling, VPN, and proxying.\
The official documentation also describes configuring it as the virtual network gateway when building ExpressRoute/Site-to-Site VPN, so it can be used safely in many corporate environments.

## File preparation <a href="#pfsensenetworkgateway-filepreparation" id="pfsensenetworkgateway-filepreparation"></a>

{% stepper %}
{% step %}

### Download pfSense ISO file

Go to the official pfSense website (<https://www.pfsense.org/download/>) and download the latest ISO image.
{% endstep %}

{% step %}

### Log in to the FPT Cloud Console

Go to <https://console.fptcloud.jp/> and log in with the provided credentials.
{% endstep %}

{% step %}

### Uploading an ISO file

Select the downloaded pfSense ISO file and upload it to the portal. You will receive a confirmation message once the upload is complete.
{% endstep %}
{% endstepper %}

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/edited-images/SnoxqdThnx4A-HwKBcXc9.png" alt=""><figcaption></figcaption></figure>

![](https://cdn.gamma.app/k5s5lvl0didtjnd/uploaded-images/dbNDLfuRmvFeBv0Tcb5UF.png)![](https://cdn.gamma.app/k5s5lvl0didtjnd/eda7260fa1864e5ebb7e373d935e9640/original/image.png)

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/96f4a51b4be342989f7e3a729674a689/original/image.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/985cd1fb40f1421792247799f4e954d4/original/image.png" alt=""><figcaption></figcaption></figure>

## Network environment preparation <a href="#pfsensenetworkgateway-networkenvironmentpreparation" id="pfsensenetworkgateway-networkenvironmentpreparation"></a>

{% stepper %}
{% step %}

### Create a new subnet

In the FPT Cloud Console, create a new subnet according to your requirements, which will allow you to assign the necessary IP addresses to the network interfaces of pfSense.

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/uploaded-images/pHBnhQtHH-ms7dUkAOgle.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/c50569fd3da64c9c92fb9c07d18c112f/original/image.png" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Creating a security group

Define security rules for your environment and create appropriate security groups to control communication and network traffic between pfSense virtual machines.

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/uploaded-images/9ioXPZP7MmEutedCBu1ol.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/1a60ddbfaf14498d84678ffc6038393a/original/image.png" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

## Creating a pfSense Virtual Machine <a href="#pfsensenetworkgateway-creatingapfsensevirtualmachine" id="pfsensenetworkgateway-creatingapfsensevirtualmachine"></a>

{% stepper %}
{% step %}

### Compute Engine

Go to the Compute menu in the FPT Cloud console and click "Create Instance".
{% endstep %}

{% step %}

### Basic information settings

Set up an instance name (e.g. pfsense-master or pfsense-slave) and select the pfSense ISO you uploaded earlier in the **ISO image** option.

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/240a5471f1b140ef94edb680ae4cb909/original/image.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/b522a5ce82294e3cad5af098640f6ed9/original/image.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/65c8441c7e9c4f5f815e298a479930d3/original/image.png" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Resource and network configuration

Select the appropriate resource size (CPU/RAM) for your needs and connect the necessary networks.

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/ca33023e4de84da18a890bfc5ab6dcd6/original/image.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/1a5051d7af8948cc988c08e00334ef78/original/image.png" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Attaching a security group

Attach the security group you just created, then create the virtual machine.

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/f4bf0356b0164ba7a0c2236edf73a28b/original/image.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/cc02ee04c90f4ca592241c1873dca95d/original/image.png" alt=""><figcaption></figcaption></figure>

<figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/f5e094cb5519456bbc8a371907aadd52/original/image.png" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

## HA (High Availability) Requirements <a href="#pfsensenetworkgateway-ha-highavailability-requirements" id="pfsensenetworkgateway-ha-highavailability-requirements"></a>

Minimum requirements for implementing high availability (HA):

* At least three IPs per subnet on the pfSense network interface (one for the master, one for the slave, and a virtual IP for external communication)
* Layer 2 devices must support multicast
* The upstream/ISP/router involved must have access to the virtual IP used by CARP
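
The first requirement can be checked on paper before any VM is created. The following is an added example, not part of the original procedure: it validates an address plan so that every interface has three distinct, usable addresses in its subnet. The interface names, subnets and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample plan: interface names and addresses are illustrative only.
SAMPLE_PLAN = {
    "WAN":  {"subnet": "203.0.113.0/29", "master": "203.0.113.2",
             "slave": "203.0.113.3", "vip": "203.0.113.4"},
    "LAN":  {"subnet": "10.10.0.0/24", "master": "10.10.0.2",
             "slave": "10.10.0.3", "vip": "10.10.1.1"},    # VIP outside the subnet
    "OPT1": {"subnet": "192.0.2.0/30", "master": "192.0.2.1",
             "slave": "192.0.2.2", "vip": "192.0.2.2"},    # too small, VIP reused
}

def check_ha_plan(plan):
    """Return a list of problems; an empty list means every interface has
    three distinct, usable addresses (master, slave, VIP) in its subnet."""
    problems = []
    for name, cfg in plan.items():
        net = ipaddress.ip_network(cfg["subnet"])
        roles = {r: ipaddress.ip_address(cfg[r]) for r in ("master", "slave", "vip")}
        # IPv4 subnets shorter than /31 lose the network and broadcast address.
        reserved = {net.network_address, net.broadcast_address} if net.prefixlen < 31 else set()
        usable = net.num_addresses - len(reserved)
        if usable < 3:
            problems.append(f"{name}: {net} has only {usable} usable addresses, HA needs 3")
        for role, addr in roles.items():
            if addr not in net:
                problems.append(f"{name}: {role} {addr} is outside {net}")
            elif addr in reserved:
                problems.append(f"{name}: {role} {addr} is a network/broadcast address")
        if len(set(roles.values())) < 3:
            problems.append(f"{name}: master, slave and VIP must be three different addresses")
    return problems

if __name__ == "__main__":
    for line in check_ha_plan(SAMPLE_PLAN):
        print(line)
```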

## Configuring the pfSense Interface <a href="#pfsensenetworkgateway-configuringthepfsenseinterface" id="pfsensenetworkgateway-configuringthepfsenseinterface"></a>

<figure><img src="https://imgproxy.gamma.app/resize/quality:80/resizing_type:fit/width:1200/https://cdn.gamma.app/k5s5lvl0didtjnd/uploaded-images/ZuY3lkbDwMc1-nTSYlcsV.png" alt=""><figcaption></figcaption></figure>

### New Network: Adding a card <a href="#pfsensenetworkgateway-newnetwork-addingacard" id="pfsensenetworkgateway-newnetwork-addingacard"></a>

* Select "Assignment" from the "Interface" menu and click "Add" to add a new interface.
* Double-click the OPT1 interface and enter the required information.
* After setting, click "Save" and then "Apply Changes".

### Firewall: Creating rules <a href="#pfsensenetworkgateway-firewall-creatingrules" id="pfsensenetworkgateway-firewall-creatingrules"></a>

* Select "Rules" from the "Firewall" menu and switch to the "Sync" tab.
* Click "Add" to create a new rule, and enter the required information.
* Once you are done with the configuration, click "Save" and then "Apply Changes".
* Do the same configuration on both pfSense servers.

## Configuring CARP (High Availability Protocol) <a href="#pfsensenetworkgateway-configuringcarp-highavailabilityprotocol" id="pfsensenetworkgateway-configuringcarp-highavailabilityprotocol"></a>

### Configuring CARP on the Master <a href="#pfsensenetworkgateway-configuringcarponthemaster" id="pfsensenetworkgateway-configuringcarponthemaster"></a>

* Select "High Availability Synchronization" from the "System" menu and enter the required information.
* For the remote system username and password, specify the credentials of a highly privileged user on the pfSense slave virtual machine.<br>

  <figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/uploaded-images/qCA9-fD6VEK9hvSK-rfLi.png" alt=""><figcaption></figcaption></figure>

### Configuring CARP on the Slave <a href="#pfsensenetworkgateway-configuringcarpontheslave" id="pfsensenetworkgateway-configuringcarpontheslave"></a>

* Similarly, select "High Availability Synchronization" from the "System" menu and enter the required information.
* The settings will be different from those of the master, so please follow the instructions to set them appropriately.<br>

  <figure><img src="https://cdn.gamma.app/k5s5lvl0didtjnd/uploaded-images/5DR3YXrJZ3NLmdlHz0_8o.png" alt=""><figcaption></figcaption></figure>
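
Once both nodes are configured, the CARP role each one reports shows whether the multicast requirement is actually met: CARP advertisements are multicast, so if the Layer 2 network or the security group drops them, the slave stops hearing the master and promotes itself. The following is an added example, not part of the original procedure: it compares `ifconfig` output from the two nodes and flags that dual-MASTER condition. The sample outputs are constructed, and it assumes both VMs use the same interface names.

```python
import re

# Constructed samples in the layout FreeBSD's ifconfig uses for CARP interfaces.
MASTER_NODE = """\
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 203.0.113.4 netmask 0xfffffff8 broadcast 203.0.113.7 vhid 1
    carp: MASTER vhid 1 advbase 1 advskew 0
vtnet1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255 vhid 2
    carp: MASTER vhid 2 advbase 1 advskew 0
"""
# Slave sample: BACKUP on vhid 1 (healthy), still MASTER on vhid 2 (faulty).
SLAVE_NODE = MASTER_NODE.replace("MASTER vhid 1 advbase 1 advskew 0",
                                 "BACKUP vhid 1 advbase 1 advskew 100")

IFACE = re.compile(r"^(\S+): flags=")
CARP = re.compile(r"^\s+carp: (\w+) vhid (\d+) advbase (\d+) advskew (\d+)")

def carp_states(ifconfig_text):
    """Map (interface, vhid) -> CARP state parsed from ifconfig output."""
    states, iface = {}, None
    for line in ifconfig_text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = CARP.match(line)
        if m and iface:
            states[(iface, int(m.group(2)))] = m.group(1)
    return states

def check_pair(master_text, slave_text):
    """Return findings for every VHID whose roles are not MASTER/BACKUP."""
    a, b = carp_states(master_text), carp_states(slave_text)
    findings = []
    for key in sorted(set(a) | set(b)):
        pair = (a.get(key), b.get(key))
        label = "%s vhid %d" % key
        if None in pair:
            findings.append(f"{label}: configured on one node only")
        elif pair == ("MASTER", "MASTER"):
            findings.append(f"{label}: dual MASTER, advertisements are not reaching the peer")
        elif "INIT" in pair:
            findings.append(f"{label}: INIT state, interface down or CARP disabled")
        elif pair != ("MASTER", "BACKUP"):
            findings.append(f"{label}: unexpected roles {pair}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_pair(MASTER_NODE, SLAVE_NODE)) or "CARP roles are consistent")
```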

