Learn to configure pfSense HAProxy Firewall Rules. Our pfSense Support team is here to help you with your questions and concerns.

pfSense HAProxy Firewall Rules | How to Configure

In the world of network security and traffic management, pfSense is a great solution. Its firewall rules play a key role in handling the flow of data through the system. When paired with HAProxy, configuring firewall rules helps ensure a secure and efficient network.

Today, we are going to take a look at how to set up pfSense firewall rules for HAProxy.

Allowing Traffic to HAProxy

1. To begin with, open the pfSense web interface and head to the “Firewall” menu.
2. Then, choose Rules under the Firewall menu.
3. Now, we have to identify the interface through which HAProxy traffic will pass and choose it.
4. Next, create a rule that allows traffic to the HAProxy service. We have to specify the source, destination, and required ports to streamline the flow of data.

To boost security, we have to add rules that block unwanted traffic from passing through HAProxy. For example, if there’s a certain subnet that should not access HAProxy, we have to set up a rule to deny traffic from that subnet.

Furthermore, we can enable logging for the rules you create. This gives us a look at the traffic patterns and aids in troubleshooting based on the firewall logs.

Here is an example Firewall Rule for HAProxy:

Interface: WAN (assuming HAProxy is exposed to the internet)
Protocol: TCP
Source: Any (or specify a source IP/network if needed)
Destination: WAN Address (or specify the specific IP if different)
Destination Port Range: HTTP (80) and HTTPS (443)
Action: Allow

Configuring pfSense Firewall Rules for HAProxy:

1. First, access the pfSense web GUI and go to Rules under Firewall.
2. Then, choose the interface we want to create a rule for and click the green “Add” button with the UP arrow icon.
3. Next, we have to make sure there is a firewall rule on the WAN interface to allow inbound traffic to communicate with the firewall and HAProxy.
4. Now, head to Backend under HAProxy and click “Add.” We have to specify the backend server’s name, select the server’s IP address, and enable SSL for secure communication.
5. Then, open each backend server’s settings and add two firewall rules to control traffic effectively.
6. Next, set up a Virtual IP (VIP) by going to Virtual IPs under Firewall. Then, set up a Wild Card search for the domain and configure options to suit our network.
7. Finally, we can get a Let’s Encrypt certificate with ACME in pfSense and reference it from HAProxy settings for an added layer of security.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

Today, our Support Engineers demonstrated how to set up pfSense HAProxy Firewall Rules.