How to Set Up Dual/Multi-WAN in pfSense

  • Post author:WunderTech
  • Post published:January 7, 2023
  • Post last modified:May 10, 2024
  • Post category:pfSense
  • Reading time:8 mins read

Share what you're reading!

In this tutorial, we will look at how to set up Dual/Multi-WAN in pfSense.

If you have two different WAN internet connections and you’re using pfSense, setting them up as either load-balanced or as a primary/backup for automatic failover is a great option. Either the traffic can be set up in a way in which pfSense will determine which ISP line to use based on the traffic it’s receiving, or you can configure a primary and a backup connection.

The primary and backup scenario is beneficial if you have one ISP that provides better internet service (whether it’s speed or reliability), which will allow pfSense to automatically failover to the backup line if the internet connection is lost. Both are great options, but the internet service provided by each ISP will most likely determine which option is best. Please keep in mind that the process below will work if you have more than two WAN connections as well.

How to Set Up Dual/Multi-WAN in pfSense

We will look at how to set up dual/multi-WAN in pfSense below.

1. The first thing that we need to do is activate the second WAN interface. Depending on the device you’re using, the interface name will be different, but you should be able to navigate to the Interface Assignments section and add the WAN2 interface. When you’re done adding the interface, select the name to access it.

available network ports in pfsense.

2. Enable the interface, change the name, and set the IPv4 & IPv6 Configuration Type as DHCP. If you know for a fact that the ISP doesn’t use IPv6 (or in very rare circumstances, IPv4), you don’t have to enable it.

interface setup on pfsense. How to Set Up Dual/Multi-WAN in pfSense.

3. In the Reserved Networks section, enable both options and Save.

reserved networks setup on pfsense enabling "block private networks" and "block bogon networks".

Configuring a Gateway Group – How to Set Up Dual/Multi-WAN in pfSense

Now that both interfaces are set up and configured, we’re going to create a gateway group to manage both. The gateway group will determine if it’ll load balance both connections or act as a primary/backup line.

1. Navigate to System, Routing, then Gateway Groups, then select Add.

gateway groups in pfsense.

2. Create a Group Name.

gateway group name in pfsense.

3. If you’d like both WAN interfaces to be load balanced, you’ll set each to Tier 1. This will signify that both are active connections and should be used.

load balancing with two ISPs as tier 1 in pfsense.

4. If you’d like one WAN interface to be the primary and a second WAN interface to be the secondary, set the primary as Tier 1 and the secondary as Tier 2.

primary and backup WAN interfaces in pfsense with tier 1 and tier 2.

5. In the Trigger Level, set this value to be your preference. The pfSense documentation gives a great explanation of the differences between each.

trigger levels in pfsense.

6. Finally, create a description and save, then apply. The gateway group is now created!

Default Gateway – How to Set Up Dual/Multi-WAN in pfSense

Now that the group has been created, we need to specify when it should be used. There are two main ways that you can do this – the first is by modifying the default gateway section in the System/Routing/Gateways menu.

NOTE: When you modify the default gateway in this manner, these preferences will apply to all traffic on all interfaces using the default value!

default gateway in pfsense.

The second way to modify the gateway for the specific interfaces is by creating an Allow rule in the firewall. To do this, select Firewall, then Rules, and navigate to the interface that you’d like this gateway group to apply to.

interface firewall rules in pfsense.

Edit the Allow rule that exists, select Display Advanced, then change the Gateway to the gateway group created above.

NOTE: If the gateway section isn’t accessible, ensure that the address family is not set as IPv4 + IPv6.

firewall rule interface in pfsense.

Conclusion – How to Set Up Dual/Multi-WAN in pfSense

This tutorial looked at how to set up Dual/Multi-WAN in pfSense. If you intend on having two separate ISP connections (or technically, as many as you’d like), it’s a good idea to use gateway groups as it’ll allow you to load balance or automatically failover by using a primary and secondary WAN. Please keep in mind that you can set up multiple gateway groups if you’d like certain interfaces to load balance and others to have WAN failover. The firewall rules will then determine which interface uses which gateway.

Thanks for checking out the tutorial on how to set up dual/multi-WAN in pfSense. If you have any questions on how to set up dual/multi-WAN in pfSense, please leave them in the comments!