WAN failover via CARP or not?
-
I have established CARP VIPs for my LAN and DMZ. Need some help on configuring my WAN VIP.
Here is my setup:
Firewall #1
WAN address from ISP#1 (static): 167.206.x.x
Firewall #2
WAN address from ISP#2 (dhcp) : 68.237.x.x
Not clear on how to create a VIP from two separate ISP address spaces,
also our ISP#2 is allocating us a dhcp address.
Our goal is to achieve WAN failover, i.e. if WAN connection on Firewall#1 fails,
we want users to be able to failover/route via WAN connection in Firewall#2.
What is the best way to accomplish this type of scenario? Is it via CARP or something
else?
-
CARP is primarily for hardware failover to a standby firewall.
Failover from one ISP to another is achieved via the load balancer.
Ideally, you would have two firewalls each with ISP1 and ISP2. However, a DHCP setup is not compatible with a CARP cluster. Why not just set up both ISPs on one box, use a failover pool in the LB, and have the second box as a cold standby in case of hardware failure?
-
UPDATE: We got it working. We followed some of the ideas from http://pfsense.site88.net/multiwan.html… Thank you again for answering! I'll close this tomorrow.
Okay...we've put both ISPs on one box and configured failover pool. The monitor IPs we are using are the DNS servers of the respective ISPs. I had to put in a static route so we could ping the DNS server of ISP #2. Don't know if that is correct but we can ping both DNS servers from PFSENSE. We disconnect ISP#1 from PFSENSE and we see WAN interface as offline in Status Load Balancer Pool. But we cannot make an internet connection. I checked under Routes and the default is still pointing to WAN interface. Is the routing table supposed to change to point default to WAN2? We really appreciate your help. Possibly our monitor IPs are incorrect? Attached LoadBalancerPool and LoadBalancerStatus snapshots.
-
Are your firewall rules set to use the LB pool as the gateway?