2 firewalls and 2 internet connections (VDSL/LTE)
-
I have a working pfSense (VM in Hyper-V) setup connected to a VDSL line.
I now bought an LTE router as a fallback in case the VDSL line fails.
At first I wanted to connect the LTE router to the same pfSense box as an internet line fallback, but now I wonder:
-
Does it make sense to create a second pfSense VM on another machine, and also create a LAN and WAN (LTE) there? (VMs with 1GB of RAM and ~20GB of HD are rather easy to come by and cheap to have permanently turned on.)
-
Could I then always route absolutely all traffic over the first VM (VDSL) and only use the 2nd VM (LTE) in case of the first failing?
-
Is this a CARP scenario?
-
Also, can I still use both VMs as gateways, so that (LTE is faster than VDSL, but metered) in case of need for speed I can also voluntarily switch a PC in the LAN to use the 2nd VM (LTE)?
-
Also, can you tell me where to start searching? CARP, failover, load balancing, multi WAN are all buzzwords I have seen, but I do not know which apply to my case so I can continue reading there.
Thanks!
-
-
Hi andipandi,
I'll try to answer some of your questions, based on my experience (forum people, please correct me if I'm wrong):
-
I would set up another server, but just in case I would like to set up some redundancy (High Availability - HA).
-
Yes, it's possible - it's a gateway group configuration with layers
-
CARP is a mechanism to provide failover functionality / redundancy - you would need to have two pfSense boxes in HA to get its advantages ( https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP) )
-
You can do it, but I think you would need to change this manually (just changing gateway group layers) - not sure if there's any way to do this in a different way
-
It depends on what you would like to set up first:
a) MultiWAN setup on just one box --> https://doc.pfsense.org/index.php/Multi-WAN
b) CARP setup with MultiWAN --> mix together the link from point 3) and the previous one from 5a)
HTH
David
-
-
Hello David,
many thanks for answering!
It's still a little bit abstract for me, so I think I will 1st configure the existing firewall to also have LTE access fallback and then look into the failover.
I will probably follow up with some more specific questions.
Best