Friday, September 11, 2009



is a FreeBSD-based firewall tailored for use as a firewall and router. The project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall.

Common Deployments

Although mainly deployed as a perimeter firewall, pfSense is versatile enough to fill many types of deployments. Here is a short list of common deployments:

  • Perimeter Firewall - As discused earlier, this is by far the most common deployment for pfSense.
  • Router - Due to the ability to load balance connections and provide failover capabilities, pfSense makes for an ideal choice for a DIY Router for the SMB market.
  • Wireless Access Point - With the ability of Captive Portal within it, pfSense can easily be deployed as a wireless hotspot solution.
  • Special purpose appliance - Some users have decided to utilize pfSense in a unique way to helpfulfill their unique needs.
    • VPN Appliance
    • Sniffer Appliance
    • Dedicated DHCP server
    • Dedicated DNS server


pfSense includes almost all the features in expensive commercial firewalls, and more in many cases. Here is a list of features taken from the pfSense Features page.

  • Firewall
  • State Table
  • NAT
  • Redundancy
    • CARP- CARP from OpenBSD allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. pfSense also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.
    • pfsync - pfsync ensures the firewall's state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.
  • Outbound and Inbound load balancing
  • VPN - IPsec, OpenVPN, PPTP
  • PPPoE Server
  • RRD Graphs Reporting
  • Real Time Information - Using AJAX
  • Dynamic DNS
  • Captive portal
  • DHCP Server and Relay
  • Live CD Version Available

Step 1:Install Pfsense from CD

Step 2:enable vlan or no(I choose "no")

Step 3:enter the lan interface name

Step 4:enter the wan interface name

Step 5: enter

Step 6 type "y"

Step 7: setup ip adrress as Diagram

Step 8:Set up Load Balancing Pool

The first thing to do is create a pool (Services > Load Balancer > Add).

Step 9:Set up virtual server

Adding a new Virtual Server (Services > Load balancer > Virtual Servers > Add )

Step 10: Set up virtual ip address

Adding a new Virtual IP (Firewall > Virtual IPs > Add )

Step 11:Create Nat(Firewall > Nat > Add)

Note: open port 80 from Internet access to and

Step 12:Access to and check status load balance

Step 13:Disconnect Access to and check status load balance


As LOAD balance but choose Failover

Besides pfsense can create cluster fail over firewall and load balance outbound


  1. Well, that was a good documentation on inbound Load-Balancing. But your example shows only a failover situation. How does the Load-Balancer work as real load balancer (i.e incase of server over-load).
    I understand there is something called "Scheduling Algorithms" (Round-Robin Scheduling, Weighted Round-Robin Scheduling, Least-Connection Scheduling, Weighted Least-Connection Scheduling), How and Where do you configure this.

  2. Hi,

    In This document.I show both load balancer and failover situation.Please check again.Pfsense with version lastest release(1.2.3) only support load balancer(layer 4) with round-Robin Algorithms.Not support other Algorithms.So if you need more feature for load balancing,you can use Haproxy(support layer 7) and support many load balancer Algorithms as you said:"Round-Robin Scheduling, Weighted Round-Robin Scheduling, Least-Connection Scheduling, Weighted Least-Connection Scheduling".With me Haproxy is best solution for load balancing server and I deployed it for my company(securities) for load balancing web server(support layer 7 with cookie persistent and session persistent)and application (with Weighted Round-Robin Algorithms)

    You can prefer some document about haproxy on my blog or

  3. Thanks for your guidance, will go thru the haproxy doc and give you the feedback.