Question for failover in virtualization environment



  • I was wondering if it was possible to run two pfSense servers in a virtual environment for redundancy?

    (OpenVPN - 192.168.32.X)
    (WIFI optional Interface - 192.168.31.1) \
                                              FW1 (192.168.30.1)
                                        /---- (SNORT, IPSEC, OpenVPN, NAT services) ----\
    Internal Network (192.168.30.x) ---<                                                 >--- (Single External IP)
                                        \---- (SNORT, IPSEC, OpenVPN, NAT services) ----/
                                              FW2 (192.168.30.2)
    (OpenVPN - 192.168.32.X)                 /
    (WIFI optional Interface - 192.168.31.1) /

    I am in the process of installing and configuring OpenVPN, and have other services.  I just want to add redundancy to my firewall so that I can upgrade one and/or fail it over.  I just need some assistance with this.
    RC



  • You can use CARP in pfSense to create environments like this. Virtual or "physical" does not matter, so I think it's better to move this topic to another subforum.



  • CARP is the easiest way to do it.

    If you have 2 ESX 3.5 servers with a SAN, you can use HA (it will restart the server on the second server automatically if the first fails).
    You will still need to wait for the vm to reboot onto the second server.

    ESX 4.0 has HA + FT (not out yet). In the same situation there is zero downtime for a failed VM. It runs two VMs at the same time (active and passive). Anything that happens on the primary is mirrored to the secondary. Looks very good!



  • ESX 4 with HA/FT will only support some of the latest CPUs though.  Intel Penryn and AMD Greyhound-based processors, as an example.



  • Really, hmm, good to know, I did not read that.



  • I just happened to run across this today during my beta testing of ESX 4.  It's going to be really sweet when I get CPUs that can actually do it.  The stuff in ESX 4 is unreal.  I cannot wait till it goes RTM.

