Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PfSense 2.4 & CARP with DHCP-on-WAN

    Routing and Multi WAN
    1
    1
    958
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      ttmcmurry last edited by

      Hello - hoping I'm missing something simple here.

      My interfaces are:

      WAN1 - DHCP only (Gets a public IP, but not a static IP)
      WAN2 - DHCP only (Gets a public IP, but not a static IP)
      LAN
      CARP

      Without considering CARP, my WAN setup works.  I have both ISPs in a tiered Gateway Group and failover between ISPs works as expected.  I have no static routes defined.  Neither WAN has a checkmark for the "this will select the above gateway as the default gateway" option.

      I have CARP working, everything one firewall 1 is replicated to firewall 2, firewall rules are working.  No problems here.

      On the LAN:
      FW1 - 10.10.50.1
      FW2 - 10.10.50.2
      VIP - 10.10.50.254

      However, from this point it gets a little "weird" - I know I need to NAT the traffic from the VIP outbound, and CARP needs to be aware of the WAN; but I have no idea if my only option are DHCP IPs from the WAN side to complete the CARP setup.

      Every document I've read says I need to assign a VIP in the WAN subnet; and by this metric I would need two VIPs, one in each WAN subnet.  I don't know how to achieve that in pfSense when the WAN IP is subject to constant change.

      On a Cisco ASA this is not even an issue.  Failover is a matter of a very similar process without pfSense's requisite VIPs.  Enabling high availability failover only requires a standby IP in the LAN(s) but not necessarily for the WAN(s).

      Any help on this would be great.  I feel like the answer might be "put a router in front of the firewall" - even though pfSense is perfectly capable of routing.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy