Because that's the way ISC DHCPD works in failover mode.

Thank you VIragomann. I will try this as soon as the company opens again after summer break ;)

Fixed. I had dual connections active/active from VMWare to the 3750 switch.  I had to setup a channel group on the switch and set the vSwitch to Route based IP hash on top of the security settings.  Not sure why it was working with the similar setup on the Primary server, but both are now setup with the correct load balance settings.

You can't have WAN and LAN in the same subnet. And if that is a bridge, then you do not want IP addresses on both WAN and LAN. But I hope it's not a bridge, since bridge+carp = big mistake.

Thanks for your help ! I finally got it to work but honestly not really sure what was the issue. On my pfsense2 i changed the LAN ip and the WAN IP. In the NAT rule i changed several times back and forth the translation address from interface address to 192.168.0.2, rebooted the Humax modem and it worked finally. When i turn off the pfsense1 i will keep having internet with pfsense2, when pfsense 1 is back online it is still working as well… I think this is solved. Thanks a lot for your help and sorry i bothered you with this !

Is there any way to work around this issue?  Perhaps some script that I can modify which gets called any time dhcpv6.conf and radvd.conf is written?

That is expected behavior. When the two units have properly configured DHCP servers, they both hand out leases and they share lease information. They each agree on a portion of the address space to serve. The above assumes you have filled in the "Failover Peer IP" on the master (and that it has been copied to the secondary during config sync). If you left that out, then filling it in will correct the problem.

As long as you can get a link from node to node it should work. Otherwise you might have to run it through a switch on an isolated VLAN. At heart, not that much different than any other NIC except for the physical connections.

To clarify: The above isn't mean to be rude, but a statement of experience. At my previous job I ran an HA pair for years that was bridged and it was a never-ending nightmare of babysitting switches, some things not working during a primary failure, mysterious network issues, etc. I bit the bullet and redesigned the entire network to use routing and that same setup has had zero problems since, other than an unrelated hardware failure.

That is expected behavior. When the two units have properly configured DHCP servers, they both hand out leases and they share lease information. They each agree on a portion of the address space to serve. The above assumes you have filled in the "Failover Peer IP" on the master (and that it has been copied to the secondary during config sync). If you left that out, then filling it in will correct the problem.

Okay just tried that. The plot thickens. Now the logs are reporting that the traffic being allowed. I also see traffic from my Windows DNS servesrs reaching out to Google's public resolvers being shown as "Passed". However, running nslookups and pinging anything that isn't LAN side isn't working :( This is thoroughly mystifying. This was working only a week ago I believe.

If you check the ifconfig output from both units, it will likely be different in some way than it was when it was working. If, for example, the secondary unit didn't remove the IP Alias VIP from the interface, that might cause it to think the master had a problem ("I should be master because the other node forgot about this IP address").

Post what you have done. Not what you think you have done.