Mastering pfSense - Second Edition

By: David Zientara

Overview of this book

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition covers features that have long been part of pfSense, such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.
Table of Contents (15 chapters)


There are several problems that may arise when implementing a load balancing pool or a CARP group. The two broad possibilities are:

  • The load balancing pool or CARP group may not be functioning at all – for example, traffic might not be passing to or from the gateway or server pool, or the CARP firewalls may not be syncing
  • The load balancing pool or CARP group is functioning, but performance is suboptimal – for example, the load balancing pool is not balancing, or the state table on the CARP group is not synchronized, resulting in lost connections when the group fails over to the backup firewall

If load balancing or CARP is not functioning at all, then there is a good possibility that it was improperly configured. Double-checking the configuration is recommended, and confirming the functioning of each element of the configuration is a good idea....