Example – load balancer for a web server

In this example, we will use the pfSense load balancer to load balance three Apache web servers. We will assume that these servers handle requests on both port 80 (HTTP) and port 443 (HTTPS). Assume that our web servers are in the DMZ and that the IP addresses for the servers are 192.168.2.11, 192.168.2.12, and 192.168.2.13.

The first step is to create an alias for ports 80 and 443, and an alias for the three servers. Navigate to Firewall | Aliases and click on the Ports tab. Click on the Add button to add a new entry. Enter an appropriate name (for example WEB_SERVER_PORTS); also enter a brief Description if desired. Enter 80 in the Port field and a description (for example HTTP). Click on the Add Port button. Enter 443 in the Port field and a description (for example HTTPS). Click on the Add Port button and then click on the Save button. On the main Aliases page, click on the Apply Changes button.

Next, click on the IP tab to create an alias for the servers. Click on the Add button. Enter an appropriate name and a brief description. In the IP or FQDN field, enter the first IP address (192.168.2.11) and a brief description in the adjacent edit box, then click Add Host and repeat the process for all three servers. Then click on the Save button, and on the main Aliases page, click on Apply Changes.

Next, navigate to Services | Load Balancer to begin load balancing configuration. Stay on the Pools tab and click on the Add button. This will load the Edit page for the load balancer. Enter an appropriate name (for example WEB_SERVER_POOL) and description. In the Port field, enter the alias we created in the previous step. In the Retry field, you can enter the number of times pfSense will retry a server before declaring it to be down. 

In the Add Item to Pool section, enter the first Apache server IP address (192.168.2.11) and click on the Add to pool button. Repeat the process for the other two servers (192.168.2.12 and 192.168.2.13). You can change the Monitor protocol if necessary. Click on the Save button when you are done. On the main Load Balancer page, click on the Apply Changes button.

We need to set up the virtual server, so click on the Virtual Servers tab and then click on the Add button. Enter an appropriate name (for example WEB_SERVER_IP) and description. Enter the WAN IP address in the IP Address field. Unfortunately, the current version of pfSense does not allow us to enter an alias in the Port field (in spite of the fact that the description of this field on the page says that we can). Therefore, we are going to have to create two entries, one for port 80 and the other for port 443.

For Port, enter 80. For Virtual Server Pool, enter the web server pool we previously created. Leave Fall Back Pool set to None and Relay Protocol set to TCP. Click on the Save button when you are done and then click on the Apply Changes button on the next page.

Fortunately, creating the other virtual server is not difficult. On the main Virtual Servers tab, click on the copy icon for the virtual server we just created. On the Edit page for the new server, change Port to 443. You may also want to change the name to give this server a unique name. Click on the Save button when you are done and then the Apply Changes button.

You'll want to set up monitors for the web servers on both ports, so click on the Monitors tab and then click on the Add button. Enter an appropriate name (for example HTTP_MONITOR), a description, and select HTTP in the Type drop-down box. Set the Path to a web page that will return a 200 OK code. For example, if you have a page called index.html in the root directory, you can set Path to /index.html. Set Host to the IP Address you set under Virtual Servers (this is likely the WAN IP address). Leave HTTP Code set to 200 OK and click on the Save button. On the main Monitors page, click on Apply Changes. To set up an HTTPS monitor, repeat the process by clicking on the copy icon in the column for the monitor we just created, and change Type to HTTPS. Set Path to a valid HTTPS resource on your web server (for example /index.php). Click on Save when done and then click on Apply Changes.

Finally, we must add a firewall rule for the server pool. Navigate to Firewall | Rules, and on the WAN tab, click Add. The Edit Firewall Rule and Source sections can be kept at their default values. For Destination, select Single host or alias in the drop-down box and enter the server pool alias we previously created in the adjacent edit box. Since this rule is on an interface that faces the public internet, we want to make it as restrictive as possible. Therefore, set the Destination Port Range to the port alias we created previously. Enter an appropriate description, and click on the Save button; on the main Firewall page click on the Apply Changes button.

We have now completed configuration of the Apache web server pool. To check on the status of the pool, navigate to Status | Load Balancer. The Pools tab will show the status of each server in the pool. Servers that are up will be colored green, while servers that are down will be colored red. You can also use this page to manually deactivate individual servers in the pool. To do this, uncheck the checkbox in the column containing the server. Click on the Save and Apply Changes buttons to ensure that the changes take effect.

Click on the Virtual Servers tab to check on the status of the virtual server we defined. Again, if the server is up, it will be colored green, and if it is down, it will be colored red. For a virtual server to be down, all the servers which are members of the pool would have to be down.

Note that if we wanted to add or remove servers from the pool, it would be as easy as navigating back to Services | Load Balancer and editing the settings for the pool we created, adding and/or deleting IP addresses for the servers as needed. We could also easily convert this pool to a failover group by changing the Mode to Manual Failover. In such a case, the first IP address in the Current List Members list box would be the master web server, and all others would be backup web servers.

Remember that if you add servers to, or remove them from, the server pool, the alias we created in the first step will not be automatically updated. Thus, any servers subsequently added to the pool will be blocked on the WAN interface unless we update the alias accordingly, so remember to do that.
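
The drift between the pool and the firewall alias can be checked offline against a configuration backup; the script below is an added example, not part of the original text. The alias name WEB_SERVERS, the server 192.168.2.14, and the XML element layout are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a pfSense configuration backup. The element
# layout (space-separated <address> in an alias, repeated <servers> in an
# lbpool) is an assumption; check it against your own backup.
SAMPLE_CONFIG = """<pfsense>
  <aliases>
    <alias><name>WEB_SERVERS</name><type>host</type>
      <address>192.168.2.11 192.168.2.12 192.168.2.13</address></alias>
    <alias><name>WEB_SERVER_PORTS</name><type>port</type>
      <address>80 443</address></alias>
  </aliases>
  <load_balancer>
    <lbpool><name>WEB_SERVER_POOL</name><port>WEB_SERVER_PORTS</port>
      <servers>192.168.2.11</servers>
      <servers>192.168.2.12</servers>
      <servers>192.168.2.14</servers></lbpool>
  </load_balancer>
</pfsense>"""


def alias_members(root, alias_name):
    """Return the set of entries in the named alias."""
    for alias in root.iter("alias"):
        if alias.findtext("name") == alias_name:
            return set((alias.findtext("address") or "").split())
    raise KeyError(f"alias {alias_name!r} not found")


def pool_members(root, pool_name):
    """Return the set of server addresses in the named load balancer pool."""
    for pool in root.iter("lbpool"):
        if pool.findtext("name") == pool_name:
            return {s.text.strip() for s in pool.findall("servers") if s.text}
    raise KeyError(f"pool {pool_name!r} not found")


def alias_drift(config_xml, alias_name, pool_name):
    """Compare the firewall alias with the pool; return both directions of drift."""
    root = ET.fromstring(config_xml)
    alias, pool = alias_members(root, alias_name), pool_members(root, pool_name)
    return {
        "blocked_pool_members": sorted(pool - alias),  # in pool, not allowed by the rule
        "stale_alias_entries": sorted(alias - pool),   # still allowed, no longer in pool
    }


if __name__ == "__main__":
    for kind, hosts in alias_drift(SAMPLE_CONFIG, "WEB_SERVERS", "WEB_SERVER_POOL").items():
        print(f"{kind}: {', '.join(hosts) or 'none'}")
```

Stale alias entries matter as much as blocked ones: an address removed from the pool but left in the alias is still matched by the WAN rule.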