4 Firewalls CARP

  • Question:
    We currently have 2 Firewalls, Primary and Backup.
    We also have 2 other firewalls, at a different datacenter location.

    I wanted to know if its possible to do CARP with SYNC between 4 firewalls? and if its possible, how?
    I been searching on the forums and so far found nothing on it.

  • Yes, you can drive 4 pfSense in CARP mode and sync configuration from one to the other, but not over internet, this doesn't make any sense anyway.

    For CARP all interfaces sharing the same VIP has to be connected to the same switch. On each box you have to set a different skew value for the VIP, that one with the lower skew has the higher priority.

    For syncing you can only sync from one the another, so you can sync from the first (master) to the second and from the second to the third and so on.

Log in to reply