SG-2440 must resave WAN interface on reboot
-
I have two pfsense routers setup in a HA carp pair. My primary is a SG-2440. When I reboot my primary, the secondary flawlessly takes over. The problem is when the primary starts back up. The secondary hands control back to the primary, but the primary won't pass any wan traffic until I manually go in and save the WAN interface again. Then it works fine. Anyone have any suggestions on how to troubleshoot this?
-
You can start by what kind of WAN provisioning you have.
-
Static IPv4 address from comcast, no IPv6. This is a reasonable recent development, though I can't say exactly how recent. Previously fail over worked flawlessly.
-
Out of curiosity, is your secondary also a 2440?
I would look at the ifconfig for the WAN to make sure the CARP VIP is correct and the routing table before you fix it next time.
-
Ironically, no the backup is a home built box that has functioned flawlessly since day 1. I made it the backup because it was a little under powered compared to the SG-2440, but it reboots and takes traffic just fine.
-
Well, the supported HA design is to use matching hardware, but if the secondary has igb0-igb3 you should be able to do what you did without much issue.
Are you also gaming it with private addresses on interfaces with a public CARP VIP or do you have a /29 or larger or otherwise have 3 WAN IP addresses (Interface + Interface + CARP)?
-
I have a /29. Each firewall has its own publicly addressable IPv4 address.
-
The gateway will report as up on the PFSense gui, but no traffic will pass until I resave the WAN interface.
-
OK I would definitely start by looking at the routing table when you fail back and it doesn't work. Be sure the default route is there. Also, before you kick it back to working, be sure you can ping the same subnet on WAN such as the other node and the ISP gateway. Probably testing sourced from both CARP and interface addresses.
Is IPv6 disabled (set to None) on the WAN?
-
@chuck-mcnadrew said in SG-2440 must resave WAN interface on reboot:
The gateway will report as up on the PFSense gui, but no traffic will pass until I resave the WAN interface.
If the gateway is up and gateway monitoring is on, the interface is almost certainly passing traffic.
-
Gateway monitoring is on, and the gateway will initially report as down, but then quickly move to up. However, I still can't ping out from my lan until I resave my WAN.
-
Again, more details needed. See above.
"Can't ping out" is a symptom. You need to diagnose to find out what is not in place that is put back when you save the interface. My guess is something like a default gateway. But that's just a guess.
