Failover traffic

  • Hello, we have 2 pfSense firewalls (2.3) running on VMs; each VM is on a different VMHost, and each VMHost is connected to the same switch stack. We have all interfaces set up with CARP and we’re syncing states.

    We switched traffic to FW2 by using CARP Maintenance mode on FW1, and then switched back to FW1 by taking it out of CARP Maintenance mode. Everything looked OK until we realized that traffic was going through both firewalls. We could see this via tcpdump and by looking at the state tables on both: for some systems, the traffic is going through both firewalls.

    How could this happen? Is there anything else we need to do when using the Status / CARP tab to flip traffic?