HA Cluster Config Question
-
I am currently setting up a HA Cluster with two WAN Connections. I was reviewing what I have setup currently and documentation from The pfSense book and the following jumped out at me:
27.4.3 Firewall Configuration
With Multi-WAN a firewall rule must be in place to pass traffic to local networks using the default gateway. Otherwise,
when traffic attempts to reach the CARP address or from LAN to DMZ it will instead go out a WAN connection.
A rule must be added at the top of the firewall rules for all internal interfaces which will direct traffic for all local
networks to the default gateway. The important part is the gateway needs to be default for this rule and not one of the
failover or load balance gateway groups. The destination for this rule would be the local LAN network, or an alias
containing any locally reachable networks.I'm not quite following what the above paragraph means… Does anyone know of any configuration examples I could look at to apply the documentation to practice?
-
On your LAN side, if you have, say, a LAN and DMZ, you need rules to pass from LAN to DMZ without a gateway set. Under that, you can have a rule from LAN to any with a gateway set for whatever Multi-WAN scenario you setup (LB, failover, etc).