Failover for physical boxes only
-
I have 2 identical physical boxes with the same pfsense version (100% identical). I have 5 static ip addresses from a single isp (all more or less being utilized in some fashion). Ultimately, I want to have full redundancy between the pfsense boxes. I don't have a second isp so internet (as far as isp) is not a part of this failover setup.
I've done lots of searching and reading, but doesn't seem like it was enough to better my understanding for my solution. Seems like it's probably pretty basic but just can't hit the nail on the head.
Initially just want to get the pfsense boxes set for failover if a piece of hardware goes on it (power supply, hdd, etc). Mostly everything I could find is referring to a wan connection being alive and that's the form of determining what box to use.
The broad of my pfsense setup includes 5 nics (wan,lan,VLANS,VLANS,Sync) and nat (port forwarding using all static ips for different services).
At one point, I had both connected and setup in sync combining the first couple google results for "pfsense failover high availability" but ran into a major problem where the 2 boxes were competing with one another causing some traffic to go to one and some to another, which obviously causes major issues.
How should they be connected physically to the switch?
Currently pfsense1 box is connected and working just fine connected say:
Lan > switch port 1
Vlan2 > switch port 2
Vlan3 > switch port 3
Wan > Separate switch > ONT
(Sync on pfsense1 > Sync on pfsense2)
Should pfsense2 be connected to the same switch?
Lan > switch port 4
Vlan2 > switch port 5
Vlan3 > switch port 6
Wan > Separate switch > ONT
(Sync on pfsense2 > Sync on pfsense1)
Any ideas or is this not possible?
-
https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29
All interfaces including VLANs that should be redundant have to be able to communicate with their CARP partner. So all interfaces have to be connected to switches except the Sync.
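An added check (not from this thread or from pfSense itself) for the "two boxes competing" symptom described above: it parses the CARP lines of each node's `ifconfig` output and reports, per vhid, whether the pair is healthy (one MASTER, one BACKUP), split-brain (both MASTER, meaning the partners cannot hear each other's advertisements on that segment), or missing on one node. The interface names (em1, em1.2, em1.3) and the ifconfig text are constructed sample data, not captured from the poster's boxes.

```python
import re
# Constructed sample ifconfig output in the FreeBSD format pfSense uses (not real captures).
PFSENSE1 = """\
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 vhid 1
    carp: MASTER vhid 1 advbase 1 advskew 0
em1.2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 2 advbase 1 advskew 0
em1.3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 3 advbase 1 advskew 0
"""
PFSENSE2 = """\
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: BACKUP vhid 1 advbase 1 advskew 100
em1.2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    carp: MASTER vhid 2 advbase 1 advskew 100
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
CARP_RE = re.compile(r"^\s+carp: (\w+) vhid (\d+)")

def parse_carp(ifconfig_text):
    """Map each CARP vhid to (interface, state) found in one node's ifconfig output."""
    states, iface = {}, None
    for line in ifconfig_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = CARP_RE.match(line)
        if m and iface:
            states[int(m.group(2))] = (iface, m.group(1))
    return states

def check_pair(node_a, node_b):
    """Return {vhid: verdict}. A healthy vhid has one MASTER and one BACKUP; two
    MASTERs means the nodes cannot hear each other's advertisements on that segment
    (interface not on a shared switch domain), which is what splits traffic."""
    verdicts = {}
    for vhid in sorted(set(node_a) | set(node_b)):
        if vhid not in node_a or vhid not in node_b:
            verdicts[vhid] = "missing"        # configured on one node only: no failover
        elif node_a[vhid][1] == node_b[vhid][1] == "MASTER":
            verdicts[vhid] = "split-brain"
        elif {node_a[vhid][1], node_b[vhid][1]} == {"MASTER", "BACKUP"}:
            verdicts[vhid] = "ok"
        else:
            verdicts[vhid] = "degraded"       # e.g. INIT/INIT or BACKUP/BACKUP
    return verdicts
```

Run `check_pair(parse_carp(PFSENSE1), parse_carp(PFSENSE2))` with each box's real `ifconfig` output substituted in; any "split-brain" entry points at an interface whose two ports are not on the same switch segment.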