Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense pfSync version

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    2 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      StylusPilot
      last edited by

      Hi,

      does pfSense already include the version of pfsync which can be used for active/active clusters?

      I assume alot more work is required than just adding a newer version of pfSync, but what would be needed to give pfSense the ability to have multiple concurrent instances?

      thanks.

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        It's more CARP, not pfsync. Our base OS doesn't have that functionality. It's not exactly all it's cracked up to be really, which is true of all active/active firewalls, commercial and open source. For instance on Cisco ASA's there are massive restrictions, like you cannot use any VPNs with active/active for one. We'd likely also have to enforce similar restrictions in a number of areas including VPNs. The restrictions rule out things more than 99% of the HA installs I've worked on (likely upwards of a thousand in the last 8 years) require. Hence, it's not really all that attractive. We may implement it at some point, but it'll almost certainly come with restrictions like no VPN usage. It also may not actually increase performance, by the nature of how it works and where bottlenecks exist that define the maximum throughput on a given combination of hardware. It's something that would have to be tested.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.