Multi-WAN and Compatibility
What is compatible with multi-WAN, and what is not?
The following are pfSense-specific.
Outbound traffic to the Internet
All services running locally on pfSense will strictly obey the system's routing table. This means they go out the primary WAN unless static routes are defined that match the traffic. This only applies to services which initiate connections to the Internet, such as the DNS forwarder, and several packages such as squid.
Inbound traffic from Internet
On current versions of pfSense, from the perspective of traffic coming in to services on pfSense from the Internet, connections will return through the WAN which they entered. This works for TCP-based services and UDP services bound to specific IP addresses. For UDP services bound to any/all IP addresses, there may still be issues with return traffic as UDP will attempt to reply from the closest interface IP address to the client.
General Load Balancing Compatibility
The following are issues with any multi-WAN firewall/router.
Web site incompatibility with changing IP addresses
Some websites do not work properly if requests from the LAN are initiated from multiple public IP addresses. Hence load balancing is incompatible with these sites. Common examples are sites that maintain login sessions, most frequently online banking. This is most commonly observed with HTTPS sites so usually HTTPS should not be load balanced. Occasionally it is a problem with HTTP sites that maintain session, but this is rare.
For sites that do not function with load balancing, add firewall rules to not load balance traffic to these destinations or protocols.