Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HA and CARP for the DMZ

    HA/CARP/VIPs
    2
    2
    446
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sschaffert
      last edited by

      I am working on setting up High Availability using two pfsense firewalls on one WAN. I understand how to setup the WAN and LAN with fixed IPs and Virtual IPs. The question is this: I have well over 100 Virtual IPs on the WAN (I have a Class C block) that are 1:1 NATed to Internal IPs in the DMZ. I'm pretty sure a I will need to setup fixed and virtual gateway IPs just like the WAN and LAN. How do I handle the Virtual IPs? or do I even need to? Will they just work when everything is setup for CARP? I've read a lot of info about setting up HA and CARP, but the DMZ setup is not covered anywhere that I have found. Running 2.4.2-RELEASE-p1. Thank you in advance for either the help or pointing me to a link with the info I need.

      1 Reply Last reply Reply Quote 0
      • dotdashD
        dotdash
        last edited by

        Think of the DMZ as another LAN segment. It will need a CARP VIP to float between the firewalls. The Public IPs you are using for 1-1 NAT will just be CARP VIPs off the WAN.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.