HA and CARP for the DMZ

  • I am working on setting up High Availability using two pfsense firewalls on one WAN. I understand how to setup the WAN and LAN with fixed IPs and Virtual IPs. The question is this: I have well over 100 Virtual IPs on the WAN (I have a Class C block) that are 1:1 NATed to Internal IPs in the DMZ. I'm pretty sure a I will need to setup fixed and virtual gateway IPs just like the WAN and LAN. How do I handle the Virtual IPs? or do I even need to? Will they just work when everything is setup for CARP? I've read a lot of info about setting up HA and CARP, but the DMZ setup is not covered anywhere that I have found. Running 2.4.2-RELEASE-p1. Thank you in advance for either the help or pointing me to a link with the info I need.

  • Think of the DMZ as another LAN segment. It will need a CARP VIP to float between the firewalls. The Public IPs you are using for 1-1 NAT will just be CARP VIPs off the WAN.

Log in to reply