- First, we will create aliases for ports 80 and 443:
- Navigate to Firewall | Aliases.
- Click on the Ports tab.
- Click on the Add button.
- In the Name text field, enter an appropriate name (for example, WEB_SERVER_PORTS).
- In the Description edit box, enter a brief, non-parsed description.
- Enter 80 in the Port text field and a description in the adjacent text field (for example, HTTP).
- Click on the Add Port button.
- A new set of boxes should appear. Enter 443 in the Port text field and a brief description (for example, HTTPS).
- Click on the Save button.
- Click on the Apply Changes button.
- Next, we want to create an alias for the web servers:
- Navigate to Firewall | Aliases | IP.
- From the IP tab, click on the Add button.
- In the Name edit box, enter an appropriate name (for example, WEB_SERVER_IPS).
- In the Description text field, enter a brief, non-parsed description.
- Enter 192.168.2.11 in the IP or FQDN edit box. Enter a brief description in the adjacent text field (for example, WEB SERVER 1).
- Click the Add Host button.
- Repeat this process for the remaining two web servers.
- Click on the Save button.
- Click on the Apply Changes button.
- Now, we can configure the load balancer:
- Navigate to Services | Load Balancer | Pools.
- From the Pools tab, click on the Add button.
- In the Name text field, enter a name for the pool.
- In the Description text field, enter a brief description.
- In the Port text field, enter the alias we created in step 1.
- In the Retry text field, enter the number of times pfSense will retry a server before declaring it to be down.
- In the Add Item to the Pool section, enter the first web server IP (192.168.2.11) in the Server IP Address edit box.
- Click on the Add to pool button.
- Repeat this process for the second and third web server IPs (192.168.2.12 and 192.168.2.13).
- When you are done, click on the Save button.
- Click on the Apply Changes button.
- Next, we add the virtual servers:
- Click on the Virtual Servers tab.
- Click on the Add button.
- In the Name text field, enter a name.
- In the Description text field, enter a non-parsed description.
- In the IP Address text field, enter the IP address for the web server to listen on (usually the WAN IP address).
- The Port text field should support aliases, but it does not. Thus, enter 80 into this text field.
- Click on the Save button when done.
- When the page loads, click on the Copy icon for the virtual server just created. This will create an identical virtual server.
- Change the Name to differentiate it from the first virtual server.
- Change the Port to 443.
- Click on the Save button when done.
- Click on the Apply Changes button.
- Next, we add monitors for both active ports:
- Click on the Monitors tab.
- Click on the Add button.
- In the Name text field, enter a name.
- In the Description text field, enter a non-parsed description.
- In the Type drop-down menu, select HTTP.
- In the Path text field, enter a web page path for a page that will return a 200 OK code (for example, /index.html).
- Click on the Save button when done.
- Click on the Add button again.
- Enter a Name and Description.
- In the Type drop-down menu, select HTTPS.
- In the Path edit box, enter a web page path for a page that will return a 200 OK code (for example, /index.php).
- Click on the Save button when done.
- Finally, we must add a firewall rule for the web server pool:
- Navigate to Firewall | Rules.
- Click on the WAN tab.
- Click on the Add button.
- For Destination, select Single host or alias.
- Enter the web server pool alias we created in step 2.
- Set Destination Port Range to the port alias we created in step 1.
- In the Description field, enter an appropriate description.
- Click on the Save button.
- Click on the Apply Changes button.
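
The monitors above expect each pool member to answer the configured path with 200 OK, so it is worth confirming that from a host on the server network before sending traffic through the virtual servers. The following Python script is an added example, not part of pfSense or the original text; it reuses the IPs, ports and paths from the steps above, and its `retry` parameter is a simplified model of the Retry field (a server counts as down only after that many failed probes).

```python
import http.client
import ssl

# Values from the steps above: pool members and one monitor per active port.
POOL = ["192.168.2.11", "192.168.2.12", "192.168.2.13"]
MONITORS = {80: ("HTTP", "/index.html"), 443: ("HTTPS", "/index.php")}


def http_probe(host, port, scheme, path, timeout=3.0):
    """Return the HTTP status for GET path, or None if the request fails."""
    try:
        if scheme == "HTTPS":
            # Assumption: backends are addressed by IP with internal certificates,
            # so this health check skips validation. Never reuse for client traffic.
            ctx = ssl.create_default_context()
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path)
            return conn.getresponse().status
        finally:
            conn.close()
    except (OSError, http.client.HTTPException):
        return None


def check_pool(pool=POOL, monitors=MONITORS, retry=3, probe=http_probe):
    """Map (host, port) to 'up' or 'down', probing each member up to `retry` times."""
    results = {}
    for host in pool:
        for port, (scheme, path) in sorted(monitors.items()):
            # Only an exact 200 counts; redirects and error pages are failures here.
            ok = any(probe(host, port, scheme, path) == 200 for _ in range(retry))
            results[(host, port)] = "up" if ok else "down"
    return results


def down_members(results):
    """Sorted (host, port) pairs that failed every probe."""
    return sorted(k for k, v in results.items() if v != "up")


if __name__ == "__main__":
    for (host, port), state in sorted(check_pool().items()):
        print(f"{host}:{port} {state}")
```

Any member reported as down should be fixed (or the monitor Path changed to a page that returns 200) before the pool is put into service.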