All CARP-Interfaces entering BACKUP-mode if only one fails

prakti

Hi experts,

i'm running two physical Fujitsu Servers with pfsense 2.3.2p1. I've configured 4 Carp-Interfaces on both.
Two LAN-VIPs and two WAN-VIPs (two different DSL-Lines). Both WAN-Connections are member in a
Gateway-Group (one TIER1, the other TIER2).

If i restart the modem of one of the wan-connections the whole master-firewall switched (with all VIPs)
into backup-mode. When this happens the connection to my internal default gateway of my lan's got interrupted
for some seconds and than some vpn connections of some internal devices got inerrupted too :-/

My question: Is it correct?? And if the answer is "no", what's wrong with my setup ;-)

Thanks a lot guys

jimp

What you see is by design. Loss of link is considered a physical failure. A gateway failure would still have link but lose connectivity.

If you don't want a modem restart to cause a transition, place a switch between the firewalls and modem(s) (but be sure not to create another single point of failure).