What is pfSense?
pfSense is a FreeBSD-based distribution that can be installed on a physical or virtual machine. Its functions include:
- Web proxy
- Load balancer
- High availability
- RADIUS and LDAP authentication
- See the pfSense function list for more
pfSense is managed via a web GUI. HTTPS is enabled by default, while HTTP can be enabled if required.
pfSense provides paid, incident-based support. Their support hours are 7am-7pm CST. Should out-of-hours support be required, pfSense requires advance notice. Please refer to the pfSense support FAQ. This should be considered before using pfSense in production, as it may not meet SLA requirements in some organisations.
Also, a lab is not production. In production it is critical to take non-functional requirements such as supportability, scalability, availability/reliability and performance into consideration.
In addition, although pfSense is even more multi-functional than Juniper SRX, security may require a dedicated function per device and therefore multi-layer protection. A similar example from the server infrastructure world: we normally don't put Active Directory (AD) and a Certificate Authority (CA) on the same server.
The lab is created using GNS3 with VMs hosted in VirtualBox. Please refer to my previous blog post, Install CSR1000v on GNS3, for how to import VMs into GNS3. I used a dummy switch in this lab; however, a proper layer 3 switch can be set up as described in my blog post GNS3 Lab: Connect to Physical LAN and Use Layer3 Switch.
Ubuntu Mate is used to simulate all servers and PCs. Apache is installed on Clst1-S1, Clst1-S2, Clst2-S1 and Clst2-S2 to simulate web servers.
pfSense is installed as a VM on VirtualBox with 3 physical interfaces: WAN (e0), SVR (e2) and LAN (e1). The pfSense web GUI is accessible from the Mgmt PC.
VM specs and software download links are provided in the next section.
The lab topology is as below:
Load balancing data flow is as below:
- Users access load balancing virtual IP 10.10.20.20, which relays HTTP traffic to the two web servers in Cluster 1. The pfSenseLB SVR interface (e2) IP is 10.10.20.1.
- Users access load balancing virtual IP 10.10.20.30, which relays HTTP traffic to the two web servers in Cluster 2.
- Users access load balancing virtual IP 192.168.10.30, which relays HTTP traffic to the two web servers in Cluster 2. The pfSenseLB WAN interface (e0) IP is 192.168.10.10.
VM Specs and Software Download
Ubuntu Mate is available from here. VM specs are as below:
| Setting | Value |
|---|---|
| Operating System | Ubuntu (64-bit) |
| Adapter 1 | Not attached |
Apache 2 is installed by running ‘sudo apt-get install apache2’.
pfSense is available from here. VM specs are as below:
| Setting | Value |
|---|---|
| Operating System | FreeBSD (64-bit) |
| Adapter 1,2,3 | Not attached |
To be Continued…
pfSense configuration will be introduced in ‘Use pfSense to Load Balance Web Servers (2)’, which I will post this week.