Unable to route through new interface
-
We have a very strange issue where we are spinning up a new interface, just like we did with our 30 previous interfaces.
VLAN:1700
FW1 Interface IP: 192.168.120.1/24
FW2 Interface IP: 192.168.120.2/24
CARP IP: 192.168.120.254/24
The CARP IP properly replicated, FW1 is the Master and FW2 is Backup.
I can ping the individual firewall IPs, but not the CARP IP. It's not a rule issue as I can add an ANY/ANY and the behavior does not change.
It's not a routing or a switch VLAN issue as I can see all MACs on all our switches. The firewall interfaces can ping each other. I can ping external IPs from the firewall.
There are no floating rules that have this subnet in scope.
At this point I am at a loss and don't know where to proceed. Like I mentioned, we have had no issues bringing any of our previous subnets online. But even after destroying and recreating everything, the issue persists.
-
@jnpetty
When you ping the CARP VIP from a connected device, it will first send an ARP request, which the master should respond to. So to investigate, sniff the traffic and check for ARP packets and if pfSense sends a response.
If there is no ARP request, check the ARP table on the device you're pinging from for an already existing entry.
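
The check described in the reply above, as an added example that is not part of the original thread: a small Python parser for the text output of `tcpdump -e -n arp` that reports whether ARP requests for the CARP VIP were seen and which MAC answered. The capture lines, client MAC and VHID are constructed sample values; the function and variable names are hypothetical.

```python
import re

VIP = "192.168.120.254"  # CARP VIP from the post

# Constructed sample of `tcpdump -e -n arp` output (not a real capture).
SAMPLE = """\
12:00:01.000000 aa:bb:cc:dd:ee:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.120.254 tell 192.168.120.50, length 28
12:00:01.000210 00:00:5e:00:01:11 > aa:bb:cc:dd:ee:01, ethertype ARP (0x0806), length 60: Reply 192.168.120.254 is-at 00:00:5e:00:01:11, length 46
12:00:02.000000 aa:bb:cc:dd:ee:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.120.1 tell 192.168.120.50, length 28
"""

REQ = re.compile(r"Request who-has (\S+) (?:\(\S+\) )?tell ([\d.]+)")
REP = re.compile(r"Reply (\S+) is-at ([0-9a-f:]{17})")
CARP_MAC = re.compile(r"^00:00:5e:00:01:([0-9a-f]{2})$")


def arp_status(capture, vip=VIP):
    """Summarise ARP requests and replies for vip in tcpdump text output."""
    requests, replies = 0, []
    for line in capture.splitlines():
        req = REQ.search(line)
        if req and req.group(1) == vip:
            requests += 1
            continue
        rep = REP.search(line)
        if rep and rep.group(1) == vip:
            replies.append(rep.group(2))
    # CARP answers for a VIP from the virtual MAC 00:00:5e:00:01:<VHID>.
    vhids = sorted({int(m.group(1), 16) for m in map(CARP_MAC.match, replies) if m})
    if not requests and not replies:
        verdict = "no ARP request seen: check the client's ARP table for an existing entry"
    elif not replies:
        verdict = "request unanswered: the master is not replying for the VIP"
    elif len(vhids) == 1 and all(CARP_MAC.match(r) for r in replies):
        verdict = f"answered from CARP virtual MAC, VHID {vhids[0]}"
    else:
        verdict = "answered, but not only from one CARP virtual MAC: inspect the replying MACs"
    return {"requests": requests, "replies": replies, "vhids": vhids, "verdict": verdict}


if __name__ == "__main__":
    print(arp_status(SAMPLE))
```

Feed it the output of a capture taken on the new VLAN interface while pinging the VIP from a connected device.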