Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    8300 in HA with dual WAN and BGP

    Scheduled Pinned Locked Moved Routing and Multi WAN
    4 Posts 2 Posters 399 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      padrino121
      last edited by

      Looking for a little help distilling how to accomplish this, have most of the pieces but missing how to handle the WAN side with BGP..

      Currently have two WAN connections, moving to a shared range with BGP so we can use either to access the same IP range…

      Intent is one per HA pair (8300) however it’s not clear from the docs how to implement with BGP and allow each to function with failover as needed.

      Setting up the HA pair, having internal hosts route (everything NATed with some 1:1 mappings for hosted services) seems straightforward but lost on how to implement multi WAN with BGP

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @padrino121
        last edited by

        @padrino121
        Well…pfsense with FRR package does not work with HA.

        6 year old request to get it to happen is ignored.
        https://redmine.pfsense.org/issues/9141

        The only “solution” is to have your primary pfsense have both WAN links enabled and performing bgp. In the event of a failover physically move both WAN circuits. Another “solution “ would be to manually copy the the FRR configuration to the standby router…
        Honestly, pfsense with dynamic routing in HA doesn’t work in its current form.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        P 1 Reply Last reply Reply Quote 0
        • P
          padrino121 @michmoor
          last edited by

          @michmoor Thanks for the details, I can’t say we realized this when purchasing the pair of 8300 for HA..

          Read HA, multiWAN, BGP feature sets and made the assumption…

          Thinking outloud, could we drop the WAN links on a two VLAN switch one for each and tie the primary and secondary to it so we don’t need to physically move them?

          M 1 Reply Last reply Reply Quote 0
          • M
            michmoor LAYER 8 Rebel Alliance @padrino121
            last edited by

            @padrino121
            Drop the WAN circuits on a switch will work as far as not having to physically go on site but unfortunately the FRR configuration still requires manual intervention.
            8300s is expensive gear. I would follow up with sales and see if they can provide a better solution. The money you paid it’s really unacceptable that there is this level of shortcomings especially with something so basic

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.