Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Failed primary firewall was not detected on secondary by CARP

    CE 2.6.0 Development Snapshots (Retired)
    2
    3
    546
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • w0wW
      w0w
      last edited by

      This sounds strange, but today I've got some situation I've never seen before, I have two firewalls and CARP, only LAN interface is synced, so far so good. Periodically, I am updating both firewalls to the latest snapshot. Today I have updated secondary firewall and then, I've started to update primary. I've started the process in console via option 13 and agreed. Then I just was away from PC for a half of an hour, when I was back I've found that primary firewall stuck on rebooting, I've piKVM and asrock embedded KVM and both showed me that firewall just stuck, no reaction on input and so on. When I've pinged the firewall LAN IP, it just refused to answer at all. At the same time, I've found that the secondary firewall does not detect that the primary failed and was in backup state. I've done reset the primary and then the secondary firewall immediately detected that primary failed and became master. So the question is...how could this happen at all? Theoretically?

      viktor_gV 1 Reply Last reply Reply Quote 0
      • viktor_gV
        viktor_g Netgate @w0w
        last edited by

        @w0w Please provide more details:
        pfSense version, console output, screenshots, configuration details

        Maybe related to https://forum.netgate.com/topic/168768/nat-issue-after-20211220-version

        w0wW 1 Reply Last reply Reply Quote 0
        • w0wW
          w0w @viktor_g
          last edited by

          @viktor_g
          I think the version was from 23/12/2021 or later.
          I did not provided console output just because there was nothing unusual, standard output but instead of reboot machine just stuck on rebooting message. LAN interface pinging was failed. Unfortunately I forgot to ping SYNC interface that is connected directly to secondary, backup firewall. The logs showed me nothing unusual, except that CARP triggered MASTER event on secondary firewall only when I did reset main, primary firewall which I was thinking just get lost in the middle of nowhere. I don't think it is related NAT issue you have mentioned, but I'll check everything again. So far I have no issues. The one thing I suspect is that there was some glitch on the hardware that caused inability to reboot and machine partly worked, like SYNC interface was available and answered, IDK...

          1 Reply Last reply Reply Quote 0
          • First post
            Last post