Critique my Multi-WAN HA plan
- My goal is layer 1, 2, and 3 redundancy into the rack for a persistent connection to AWS VPC and from a remote office. I need to be able to do a transparent failover when losing any one piece of gear.
- 2 power sources, both w/ online UPS
- 2 ISPs on different media with 3 static IPs each
- 3 5018A-FNT4 systems (2 in rack and one remote), with 2-port GbE cards in the rack units
- 2 Ubiquiti US-48 switches
- 2 application servers in rack with dual PSU and dual NIC, each running 4 Windows VMs with essential services (redundant, only need one to operate)
- 1 storage server in rack with dual PSU and dual NIC (running Windows Server 2016)
- Management interfaces on a separate NIC+VLAN with a dedicated thin client locally (eventually would like my own VPN into this)
Everything is racked up, waiting on the statics from the ISPs. I would appreciate a sanity check on the config!
Specific questions:
- OpenVPN, IPsec, or Tinc, or ?? for the tunnels
- Do I need to trunk the two switches to each other? Or bridge them through pfSense? Or both? Wired both for now but not configured. If one switch goes down, I am OK with losing anything that only has 1 NIC (office workstations, IP cameras, etc.)
- Anything I may have completely screwed up on?
Thanks!
I was hoping for some input, nobody wants to rip me a new one here?
Nice diagram, you obviously put a lot of time into the design. My advice to you is be a bit patient. You're new on the forum and this is your first post. It's been less than 2 days. This is quite a complex setup you're asking about. People have day jobs. If you need faster/immediate support, there are lots of options available to you:
https://www.netgate.com/support/
Thanks for replying! All good points ;)
I did get a Gold subscription and plan to purchase support as soon as I encounter an issue I can't overcome. The documentation in the book is fantastic; I knew nothing about pfSense a couple of weeks ago. Dropping right into a multi-WAN HA setup is probably not the smoothest way in, but so far, things are working as documented.
Cheers