2 DMZ, 1 WAN CARP HA cluster with routing
Hello everyone.
I am trying to build my first CARP cluster after many years of networking. I am trying to set up the configuration of the network I have attached. Please note that the DMZs live in the public network space and MUST be separate networks (17.0/26 and 17.64/26). Hosts in the DMZs are almost 100% freely accessible from the Internet. There is a large number of LANs (VLANs) attached to the LAN switch (CS-VC1), all in the private space (10.0.0.0). Traffic from the uplink provider comes with proper routing. Most of the private space should be NATed at the pfSense WAN (multiple pools for the VLANs) to get access to the Internet, and therefore the uplink should not see any of the private space IPs. CS-VC7 is acting as a front router.
I am particularly interested in setting up the HA for the two DMZs (DMZ, rDMZ) but also for the LAN and WAN, and in how the routing is achieved on each of the cluster members in order to achieve the proper access to the DMZs and the local VLANs. Please also feel free to comment if you see problems with this approach.
Thank you very much for any help and ideas.
@ank99
All you need for setting this up is well documented by Netgate:
@viragomann Thank you very much for the reply and the references.
I am very much interested in how to best set up outgoing routing from one of the switches (e.g. CS-VC1 in my diagram) towards the firewalls. Would you do a priority-based routing configuration or something else?