• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

pfSense High Availability exapand existing firewall with multi wan and multi ip

HA/CARP/VIPs
2
5
698
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • K
    kiokoman LAYER 8
    last edited by kiokoman Oct 21, 2020, 11:29 AM Oct 21, 2020, 11:16 AM

    I'm trying to help a guy on the Italian forum
    is it possible to expand this configuration to use pfSense High Availability with carp? if so it's not clear how to configure the wan side as all the example / docs and #hangout on the net talk about a single static IP per wan
    this is the actual situation:
    there are services that are available only on a specific IP like email server and web server
    as it is now all IP's are configured as "IP alias" directly on pfsense, both modem are in bridge
    isp 1 have 32 public ip
    isp 2 have 16 public ip

    login-to-view

    ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
    Please do not use chat/PM to ask for help
    we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
    Don't forget to Upvote with the 👍 button for any post you find to be helpful.

    V 1 Reply Last reply Oct 21, 2020, 3:30 PM Reply Quote 0
    • V
      viragomann @kiokoman
      last edited by Oct 21, 2020, 3:30 PM

      @kiokoman said in pfSense High Availability exapand existing firewall with multi wan and multi ip:

      is it possible to expand this configuration to use pfSense High Availability with carp? if so it's not clear how to configure the wan side as all the example / docs and #hangout on the net talk about a single static IP per wan

      There is nothing special with that. If you know how to setup HA it's simply the combination with Multi-WAN.
      Get a switch (or two to have WAN redundancy) to connect the WANs to both boxes.

      @kiokoman said in pfSense High Availability exapand existing firewall with multi wan and multi ip:

      there are services that are available only on a specific IP like email server and web server
      as it is now all IP's are configured as "IP alias" directly on pfsense

      It's the same with HA, apart the IP aliases are hooking up on the WAN VIPs instead of WAN address.

      The Outbound NAT for local networks (not the firewall itself) has to be reconfigured to use the WAN VIPs or whatever IP alias you want.

      1 Reply Last reply Reply Quote 1
      • K
        kiokoman LAYER 8
        last edited by Oct 21, 2020, 4:32 PM

        what i don't understand is.. we need one carp address for each public ip ? bc i don't understand how i can nat 40+ public ip if i have only one carp address

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        1 Reply Last reply Reply Quote 0
        • V
          viragomann
          last edited by Oct 21, 2020, 4:42 PM

          @kiokoman said in pfSense High Availability exapand existing firewall with multi wan and multi ip:

          what i don't understand is.. we need one carp address for each public ip ?

          Maybe you've read that in a very old tutorial.

          Tody both master and slave should have a public IP and a third IP is needed as CARP. The CARP address can be used for services on or behind pfSense.
          All other public IPs you can add as IP alias as you did in the single installation, hooking up on the WAN CARP IPs (WAN1, WAN2) instead of the WAN IPs.

          1 Reply Last reply Reply Quote 1
          • K
            kiokoman LAYER 8
            last edited by Oct 21, 2020, 4:54 PM

            thank you very much, it's more clear now 👍

            ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
            Please do not use chat/PM to ask for help
            we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
            Don't forget to Upvote with the 👍 button for any post you find to be helpful.

            1 Reply Last reply Reply Quote 0
            1 out of 5
            • First post
              1/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.