Monday, December 26, 2011

Setting Up A High-Availability Load Balancer With HAProxy/Pfsense 2.0.1




I/Overview





II/Intro

The previous post showed how to configure HAProxy on pfSense 2.0.1. This post shows how to set up a high-availability load balancer with HAProxy on pfSense 2.0.1.

III/Setting

1/Install HAProxy on pfSense as described at http://conheotiensinh.blogspot.com/2011/12/config-haproxy-with-pfsense-version-201.html
2/Configuring CARP firewall failover

2.1/On both machines, add a firewall rule to allow all traffic on the SYNC interface:

a. Browse to Firewall | Rules.
b. Click the SYNC Interface tab.
c. Click the "plus" button to add a new firewall rule.
d. Set Protocol to any.

e. Save the changes.
f. Apply changes, if necessary.

2.2/On the backup-pfsense machine, we need to enable CARP synchronization and
configure it as a backup only:

a. Browse to Firewall | Virtual IPs .
b. Click the CARP Settings tab.
c. Check Synchronize Enabled.
d. Set Synchronize Interface to SYNC.


e. Save the changes.
f. We have now finished configuring the backup firewall.

2.3/On the primary-pfsense machine, we need to enable CARP synchronization and
configure it to act as the primary firewall:

a. Browse to Firewall | Virtual IPs .
b. Click the CARP Settings tab.
c. Check Synchronize Enabled.
d. Set Synchronize Interface to SYNC.

e. Check Synchronize rules.
f. Check Synchronize nat.
g. Check Synchronize Virtual IPs.
h. Set Synchronize to IP to the IP address of backup-pfsense.
i. Set Remote System Password to the password of backup-pfsense.
j. Save the changes.

2.4/We must now configure a virtual IP address for the WAN interface on the primary-pfsense machine:

a. Browse to Firewall | Virtual IPs .
b. Click the Virtual IPs tab.
c. Click the "plus" button to add a new virtual IP.
d. Set the Type to CARP.
e. Set the Interface to WAN.
f. Set the IP Address to the single WAN address that will be used throughout
your systems, regardless of whether the primary or backup firewall is in
effect.
g. Create a Virtual IP Password.
h. Leave the VHID Group set to 1.
i. Leave the Advertising Frequency at 0.
j. Add a Description


k. Save the changes.
l. Apply changes, if necessary.
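
To confirm the result of section 2/, the following shell script (an added example, not part of the original post) parses `ifconfig` output on each firewall and checks that the CARP VIP with VHID 1 is MASTER on primary-pfsense and BACKUP on backup-pfsense. The sample `ifconfig` text, the interface name `wan_vip1` and the 203.0.113.x addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify each node's CARP role from FreeBSD `ifconfig` output.

# Constructed sample output (interface name and addresses are illustrative).
SAMPLE_PRIMARY='wan_vip1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 203.0.113.10 netmask 0xffffff00
        carp: MASTER vhid 1 advbase 1 advskew 0'
SAMPLE_BACKUP='wan_vip1: flags=49<UP,LOOPBACK,RUNNING> metric 0 mtu 1500
        inet 203.0.113.10 netmask 0xffffff00
        carp: BACKUP vhid 1 advbase 1 advskew 100'

# Print "<interface> <state> <advskew>" for every CARP VIP with the given VHID.
carp_vips() {
    awk -v want="$1" '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }  # interface header line
        $1 == "carp:" {
            state = $2; vhid = ""; skew = ""
            for (i = 3; i < NF; i++) {
                if ($i == "vhid")    vhid = $(i + 1)
                if ($i == "advskew") skew = $(i + 1)
            }
            if (vhid == want) print iface, state, skew
        }'
}

# Succeed only if exactly one VIP carries the VHID and is in the expected state.
# Usage on a live system: ifconfig | check_role MASTER 1
check_role() {
    out=$(carp_vips "$2")
    [ -n "$out" ] || { echo "no CARP VIP with vhid $2" >&2; return 2; }
    [ "$(printf '%s\n' "$out" | grep -c .)" -eq 1 ] ||
        { echo "vhid $2 appears on more than one VIP" >&2; return 2; }
    state=$(printf '%s\n' "$out" | awk '{ print $2 }')
    [ "$state" = "$1" ] || { echo "vhid $2 is $state, expected $1" >&2; return 1; }
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_PRIMARY" | check_role MASTER 1 && echo "primary sample: MASTER"
printf '%s\n' "$SAMPLE_BACKUP"  | check_role BACKUP 1 && echo "backup sample: BACKUP"
```

On a live firewall, run `ifconfig | check_role MASTER 1` on primary-pfsense and `ifconfig | check_role BACKUP 1` on backup-pfsense; both nodes reporting MASTER means they are not seeing each other's CARP advertisements.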

3/Configure HAProxy configuration sync

3.1/On the backup-pfsense machine, we need to check "Sync HAProxy configuration to backup CARP members via XMLRPC".

3.2/On the primary-pfsense machine, we need to check "Sync HAProxy configuration to backup CARP members via XMLRPC" and fill in the settings for syncing the HAProxy configuration.

Now we can configure HAProxy on primary-pfsense, and the configuration syncs automatically to backup-pfsense.

Thanks and Best Regards

quan.hoa@conheotiensinh.co.cc

2 comments:

  1. Thanks, that was useful.

  2. I think Pfsense is the best open source firewall without any doubt.
    Its features are impressive and comparable to any professional firewall appliance.
    If you want to know more about the special features of this firewall:
    http://www.opttic.com/best-open-source-firewall
