Netgate is offering COVID-19 aid for pfSense software users, learn more.


There are five basic pre-defined Monitor types: ICMP, TCP, HTTP, HTTPS, and SMTP. Additional custom types may be added to better detect specific types of failures.

Pre-defined Monitors

The pre-defined monitors are included in the default configuration and are:


Sends an ICMP echo request to the target server and expects an ICMP echo reply.


Attempts to open a TCP port connection to the target IP address and port. If the port can be opened (3-way TCP handshake) then it succeeds, if it connection is refused or timed out, it fails.


Attempts to open a connection to the server and request the URL / using HTTP or HTTPS, whichever is selected. If a 200 response code is returned, it is OK. Otherwise, it is considered a failure.


Opens a connection to the defined port and sends the string EHLO nosuchhost. If the server replies with any message starting with 250-, it is considered OK. Other responses are considered a failure.

Creating Custom Monitors

The included monitors are not sufficient for the needs of a site, or they need tweaking, then custom monitors may be created. Most monitor types have their own specific settings that can be customized as needed.

To create a new monitor: * Navigate to Services > Load Balancer * Click the Monitors tab * Click fa-plus Add to add a new Monitor * Configure the Monitor options as explained below:


A name for the Monitor. This is for reference, but must also adhere to the same limits as an alias or interface name. Letters and numbers only, the only allowed separator is an underscore. No spaces or slashes.


An optional longer description for the Monitor. This is for reference purposes only, and does not have any formatting limits.

The remaining options vary based on the selected Type.


No extra options. Any custom monitor using these types will behave identically to the pre-defined monitor of the same name.


These behave identically to each other, the only difference is whether or not encryption is used to talk to the target server. These each have three options to control the behavior of the monitor:


The Path defines the path section of the URL sent to the server. If the site contains mostly dynamic content, or the base URL does a redirect, it is best to set this to a full path to a static piece of content, such as an image, that is unlikely to move or change.


If the server runs multiple virtual hosts, this field defines which hostname is sent with the request so that the expected response can be received.


This defines the response expected from the server, given the request to the Host/Path. Most commonly this would be set to 200 OK, but if the server uses another return code that would be expected as a healthy response to this query, choose it here. If the return code is unknown, inspect the server logs to find what codes are returned to the client for each request.


This type of monitor opens a connection to the defined port and sends a string and expects the specified response. The most common example is the SMTP monitor discussed previously. The options are:

Send String

The string sent to the server after a connection is made to its port.

Expect String

If the response from the server does not start with this string, then it is considered down.

  • Click Save