Netgate Discussion Forum
General pfSense Questions

2 x Wan, 2 x PFSense, 2 x Switches…Is this possible?
4 Posts 2 Posters 2.4k Views

    ehuk:
      Hi Guys,

      I am looking for a fully redundant pfsense solution. Hopefully the diagram will do all the talking!

      Basically we want redundancy all the way down to the NICs, the system will have multiple VLANs, (15+), two WAN feeds, 2 x 2950 switches and 2 x PFSense systems.

      The NICs will use bonding and teaming (for a bunch of Linux and Windows servers) across the two switches, and I am hoping to use lagg( ???) to trunk the 6 firewall ports to each switch.

      Now ideally I would want active-active clustering of the firewalls to provide some sort of load balancing across the network, but as far as I know this is not possible?

      I hope to start testing tomorrow, but I would really appreciate any input from the community on how to achieve this :D.

      [attached image: network.jpg]

      cmb:

        The diagram is sound. That's nearly identical to how I have configured similar deployments for some of our support customers. At a glance, looks good.

        lagg support is only in 2.0. It could be back ported if you're so inclined, or we'd be glad to do so for a price. Email me if you're interested (cmb at pfsense dot org).

        What I've done to make up for lack of port bonding on 1.2.x is just have one firewall plugged into each switch, which leaves you with nearly the same redundancy. If you want to go all the way with lagg though, that can be accomplished.

        ehuk:

          Hi CMB,

          Thanks for the reply, but surely lagg can be achieved at the kernel level? PFSense will just see 1 LAN interface, and the kernel can deal with the bonding and 802.3ad?

          I really don't have a lot of money to spend on this project, but I will email you for sure if I end up chasing my tail. I have two DL360s arriving tomorrow for the pfsense boxes, should be able to start testing then.

          Just thinking out loud…if I do manage to get lagg working on a kernel level, would it be possible to connect 3 NICs to switch 1 and the remaining 3 to switch 2 and vice-versa for the second firewall? Obviously the VLANs and Etherchannels would need to be the same across the two switches but wouldn't that setup provide load balancing even with the firewalls being active-passive?

          cmb:

            You'll have to make some minor code changes to be able to assign lagg interfaces. The creation and setup of lagg can be hacked in manually.

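The manual lagg setup cmb mentions, written out as an added example that is not from this thread or from pfSense itself: a POSIX shell script that emits (or, on FreeBSD, applies) the ifconfig sequence for one LACP (802.3ad) lagg per switch, with the VLANs stacked on top so the same VLAN ids reach both switches. The port names em0..em5, the VLAN ids and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or pfSense: generate (or apply) the FreeBSD
# ifconfig steps for one LACP (802.3ad) lagg per switch, plus VLAN children.
# em0..em5, the VLAN ids and DRY_RUN are assumptions made for illustration.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = run them (FreeBSD only)

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# lagg_create NAME PORT... : clone NAME, select LACP, attach each PORT, bring it up.
# LACP means the switch side must be an 802.3ad channel group, not a static one.
lagg_create() {
    name="$1"; shift
    run ifconfig "$name" create
    run ifconfig "$name" laggproto lacp
    for port in "$@"; do
        run ifconfig "$port" up
        run ifconfig "$name" laggport "$port"
    done
    run ifconfig "$name" up
}

# vlan_on_lagg UNIT VID LAGG : tagged VLAN VID on LAGG, visible as vlanUNIT.
vlan_on_lagg() {
    run ifconfig "vlan$1" create
    run ifconfig "vlan$1" vlan "$2" vlandev "$3"
}

# Three ports to switch 1 as lagg0, the other three to switch 2 as lagg1,
# and the same VLAN ids carried on both so losing a switch loses no VLAN.
build_plan() {
    lagg_create lagg0 em0 em1 em2
    lagg_create lagg1 em3 em4 em5
    unit=0
    for vid in 10 20 30; do
        vlan_on_lagg "$unit" "$vid" lagg0; unit=$((unit + 1))
        vlan_on_lagg "$unit" "$vid" lagg1; unit=$((unit + 1))
    done
}

build_plan
```

With the default DRY_RUN=1 the script only prints the commands for review; the vlanN interfaces it creates are what the pfSense interface assignment would then have to be pointed at.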