Possible to CARP between SG-4860 and a VM?

  • Hi everyone,

    Is it possible to use CARP between a pfSense appliance and a Community Edition VM install?

    Or do the installs have to be identical to work correctly???

    Any big gotchas I'd run into if it is possible?


  • Rebel Alliance Developer Netgate

    While it is possible, it isn't ideal.

    In order for pfsync to synchronize states correctly, the physical interface names have to match. You can use HA/CARP without pfsync; in most cases people wouldn't notice it much since things will normally reconnect without much fuss. Ongoing connections would be interrupted, web browsers might take a few moments to recover as they discover they have to make new connections, etc. Depending on what your environment is, those could be either minor irritations or major concerns.

    You can sort of work around that by using LAGG and VLANs to abstract the interface names and fool pfSense. It's kind of ugly, but it works around that.

    Otherwise, so long as you have the same number of interfaces configured and they are assigned in the same order, other parts would be fine. You will need to make sure your hypervisor and vswitch are configured appropriately to allow CARP to function. Check the wiki for that info.
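
Added example, not part of the thread and not Netgate code: a pre-flight check that compares the interface assignments of two nodes before pairing them, flagging the mismatches the reply above describes (different physical names, different count, different order). It assumes each node's exported config.xml keeps assignments under `<interfaces>` with the physical name in `<if>`; both sample configs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from a real system): the appliance uses igb*
# NICs, the VM uses vmx* NICs, and the VM has one fewer interface assigned.
PRIMARY_XML = """<pfsense><interfaces>
  <wan><if>igb0</if></wan>
  <lan><if>igb1</if></lan>
  <opt1><if>igb2</if><descr>SYNC</descr></opt1>
</interfaces></pfsense>"""

SECONDARY_XML = """<pfsense><interfaces>
  <wan><if>vmx0</if></wan>
  <lan><if>vmx1</if></lan>
</interfaces></pfsense>"""


def assignments(config_xml):
    """Return [(logical_name, physical_if), ...] in the order assigned."""
    root = ET.fromstring(config_xml)
    section = root.find("interfaces")
    if section is None:
        raise ValueError("no <interfaces> section in config")
    return [(node.tag, (node.findtext("if") or "").strip()) for node in section]


def compare(primary_xml, secondary_xml):
    """List the differences that matter for HA between two nodes."""
    a, b = assignments(primary_xml), assignments(secondary_xml)
    problems = []
    if len(a) != len(b):
        problems.append(f"interface count differs: {len(a)} vs {len(b)}")
    for (name_a, if_a), (name_b, if_b) in zip(a, b):
        if name_a != name_b:
            problems.append(f"assignment order differs: {name_a} vs {name_b}")
        elif if_a != if_b:
            # Per the reply above, pfsync needs matching physical names.
            problems.append(f"{name_a}: physical name {if_a} vs {if_b} "
                            "(pfsync state sync affected)")
    return problems


if __name__ == "__main__":
    for line in compare(PRIMARY_XML, SECONDARY_XML) or ["interfaces match"]:
        print(line)
```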

  • Sounds like a can of worms I don't really want to be opening on myself!

    It's a single site with remote VPN users, long as the SG-4860's rock solid, we should be fine.

    Cheers JimP
