4. All CARP-Interfaces entering BACKUP-mode if only one fails

All CARP-Interfaces entering BACKUP-mode if only one fails

  • P

    Hi experts,

    i'm running two physical Fujitsu Servers with pfsense 2.3.2p1. I've configured 4 Carp-Interfaces on both.
    Two LAN-VIPs and two WAN-VIPs (two different DSL-Lines). Both WAN-Connections are member in a
    Gateway-Group (one TIER1, the other TIER2).

    If i restart the modem of one of the wan-connections the whole master-firewall switched (with all VIPs)
    into backup-mode. When this happens the connection to my internal default gateway of my lan's got interrupted
    for some seconds and than some vpn connections of some internal devices got inerrupted too :-/

    My question: Is it correct?? And if the answer is "no", what's wrong with my setup ;-)

    Thanks a lot guys

    0
  • Rebel Alliance Developer Netgate

    What you see is by design. Loss of link is considered a physical failure. A gateway failure would still have link but lose connectivity.

    If you don't want a modem restart to cause a transition, place a switch between the firewalls and modem(s) (but be sure not to create another single point of failure).

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy