CARP Failover not Working on Manual Outbound NAT
-
Packet capture shows that all traffic is being received on the second firewall. Currently NAT is set to Automatic, however that shouldn't effect receiving pings on the correct firewall.
-
I have just confirmed with packet capture that firewall1 is receiving all the LAN CARP traffic, just not the WAN.
-
That is rather odd, especially if it is showing as backup. Are these devices plugged into the rear of your cable modem/router? If so you might try plugging them into a separate switch and then uplinking to that, just to eliminate that as a possible cause.
-
Currently I have a connection going from my Comcast Modem to a 24 port Netgear Switch, then from the switch into the two firewalls. For my LAN I have that also plugged into a seperate 24 port switch.
-
Alright I have deleted the WAN CARP IP and re-added and it looks like the primary firewall is now receiving its traffic.
-
Nevermind it has flopped back over to firewall2. Why is it that firewall2 would be receiving all the traffic?
-
Typically that only happens when it takes over as a CARP master.
The only other times I've seen similar CARP craziness was with some really broken switches.
Any way you can try another (perhaps different brand) switch on the WAN side as a test to see if the problem goes away?
-
I have switched from a netgear switch to a linksys switch. I have also changed around the interface IPs and CARP IP. We will see what this delivers.
-
Also could it be a problem with CARP not syncing right? I have changed the virtual IP's on firewall1 and they have yet to reflect on firewall2.
-
No, it wouldn't have much to do with a sync failure.
CARP heartbeats happen on the interfaces where the VIPs reside, i.e. a CARP VIP on WAN sends its heartbeats on WAN.
XMLRPC sync happens over the sync interface, it only handles configuration.
pfsync only happens over the sync interface, it only synchronizes states (insertions, deletions, etc)So a problem with CARP on WAN is nearly always a problem with the switch or connectivity on WAN.
