How To Use pfSense To Load Balance Your Web Servers

In this HowTo I will show you how to configure pfSense 2.0 as a load balancer for your web servers. This HowTo assumes that you already have a pfSense box and at least 2 Apache servers installed and running on your network, and that you have some pfSense knowledge.



1 Box for pfSense 2.0 installation (if this is your edge firewall I would recommend a physical machine).

Minimum of 2 Apache2 servers (these can be virtual).

Have your Apache servers configured to sync web files somehow (rsync/corosync or another option for keeping files up to date across the web servers).


Configuring pfSense

pfSense uses the load balancer to share the load of certain types of traffic over multiple servers. This is great if you have multiple servers hosting applications: you can spread the load over all servers instead of stressing out one server.

Let's get started. First click on "Services", then "Load Balancers", then click the "Monitor" tab.

To add a new entry, click on the "Plus" button and specify a "Name" and a "Description" (in this example I will be using ApacheClusterMon as a name and description). Set the type to "HTTP", then set the "Host" to an unused IP address (we will be creating virtual server IPs later on that will be assigned to the failover server group), and leave the "HTTP Code" set to "200 OK". Then click on "Save" and apply changes if needed.

Now we are going to create the server pool. Click on the "Pools" tab, and click the "Plus" button to add a new pool.

Specify a name (ApacheSrvPool will be used in my example). Set the "Mode" to "Load Balance", then set the "Port" to "80" (you can get pfSense to load balance other applications on other ports). Set "Monitor" to the monitor configuration you created before and specify the IP addresses of all the web servers that you want in the pool, then "Save" and apply changes if required.

Next click on the "Virtual Servers" tab, and click on the "Plus" button to add a new entry. Specify a "Name" and "Description", then set the "IP Address" to the unused IP that you chose earlier, set the "Port" to "80", and set the "Virtual Server Pool" to the pool you created before. "Submit" and apply changes.

That's it, you have just configured pfSense to load balance your web traffic between your web servers.

Just a note: if any of the servers don't reply with a 200 OK status (pfSense sends requests to your web servers periodically to determine if they are running; all servers must reply to this), the server pool will be taken offline. The best way to avoid downtime is to configure a failover (which I will cover in my next tutorial).
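Because the monitor accepts only a 200 OK, it is worth confirming what each pool member actually returns before adding it to the pool. The following Python sketch is an added example, not part of the original HowTo or of pfSense; the probe request format, the function names and the 192.0.2.x sample replies are assumptions constructed for illustration.

```python
import socket

EXPECTED_CODE = 200  # matches the monitor's "HTTP Code" setting in the HowTo

def fetch_raw(host, port=80, path="/", timeout=3.0):
    """Send one plain GET (assumed probe format); return raw bytes, or None if unreachable."""
    request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            return sock.recv(4096)
    except OSError:
        return None

def parse_status(raw):
    """Return the numeric code from an HTTP status line, or None if malformed."""
    status_line = (raw or b"").split(b"\n", 1)[0].strip()
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        return None
    code = parts[1]
    return int(code) if len(code) == 3 and code.isdigit() else None

def check_pool(replies, expected=EXPECTED_CODE):
    """Map each server to (passes, reason) from its raw reply (None = no reply)."""
    report = {}
    for server, raw in replies.items():
        code = parse_status(raw)
        if raw is None:
            report[server] = (False, "no reply")
        elif code is None:
            report[server] = (False, "not an HTTP reply")
        elif code != expected:
            report[server] = (False, f"status {code}, monitor expects {expected}")
        else:
            report[server] = (True, f"status {code}")
    return report

# Constructed sample replies (documentation addresses, not from the HowTo).
SAMPLE = {
    "192.0.2.11": b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
    "192.0.2.12": b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n\r\n",
    "192.0.2.13": b"SSH-2.0-OpenSSH\r\n",  # wrong service answering on the port
    "192.0.2.14": None,                   # connection refused or timed out
}

if __name__ == "__main__":
    for server, (ok, reason) in check_pool(SAMPLE).items():
        print(f"{server}: {'PASS' if ok else 'FAIL'} ({reason})")
```

To test live servers, build the dictionary with `{ip: fetch_raw(ip) for ip in pool_ips}`. A server that redirects to HTTPS or demands authentication fails here even though Apache is running.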

8 Comment(s)



By: Don

Nice post Kyle, thank you for the help. I think this part may be incorrect though:

"Just a note if any of the servers don't reply with a 200 OK status (pfSense sends requests to your web servers periodically to determine if they are running) the server pool will be taken offline."

In my experience, and according to the note on the page "Services: Load Balancer: Virtual Server: Edit", all of the servers have to reply with something other than a 200 OK in order for the server pool to be taken offline, not just one.



Thanks for that, I worded the HowTo wrong, I will fix it up.

By: Anonymous

Are firewall policies auto-created for the VIP?

By: Lenny Raposo

I have completed the steps as listed above to no avail.


Here is my setup:


listening IP (Monitor):


server IPs (Pools):

By: TatG


Can we load balance servers in different locations (WAN IP)? Will there be any performance issues?


Tat G 

By: iam ahmed

Hi, I want to ask something, please. I want to enforce fair use on my network. I use a pfSense server, but I don't know if pfSense can limit, for example, 2 giga of download for every client. If pfSense can, please tell me how I can do that?

By: Mark

I have tried, and it hasn't worked. I am not sure pfSense is ready for prime-time. It should be a simple setup, but I can only hit my web-server without going through pfSense, despite my core pointing to it for the VIP range (which I can ping), and the pfServer having routes to wherever (it can ping from the console). Hell, I also have problems installing packages - one bad install blows away everything installed. Likewise, I can only get OpenBGPd to eBGP peer with one device - the second, with an identical config (analogously), returns to 'Idle.' That could be an issue with the Cisco device, though ... I'm uncertain.

By: ryan

pfSense is a very stable and awesome product. Treat it properly and learn how to use it and you'll never have any issues you can fix quickly. I create image backups every month using filezilla so I have a quick drive I can revert to. Also, don't forget you can simply back up the config. I back up the config prior to any changes, then if you have any problems you simply revert back to the older, working config. Simple. Also note that many times you can simply re-install a package and it'll continue working just like before.