4. All CARP-Interfaces entering BACKUP-mode if only one fails

All CARP-Interfaces entering BACKUP-mode if only one fails

  • P

    Hi experts,

    i'm running two physical Fujitsu Servers with pfsense 2.3.2p1. I've configured 4 Carp-Interfaces on both.
    Two LAN-VIPs and two WAN-VIPs (two different DSL-Lines). Both WAN-Connections are member in a
    Gateway-Group (one TIER1, the other TIER2).

    If i restart the modem of one of the wan-connections the whole master-firewall switched (with all VIPs)
    into backup-mode. When this happens the connection to my internal default gateway of my lan's got interrupted
    for some seconds and than some vpn connections of some internal devices got inerrupted too :-/

    My question: Is it correct?? And if the answer is "no", what's wrong with my setup ;-)

    Thanks a lot guys

    0
  • Rebel Alliance Developer Netgate

    What you see is by design. Loss of link is considered a physical failure. A gateway failure would still have link but lose connectivity.

    If you don't want a modem restart to cause a transition, place a switch between the firewalls and modem(s) (but be sure not to create another single point of failure).

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy