IPSEC HA Question



  • Greetings,

    I am currently working with pfsense to replace our aging Sophos UTM Router/Firewalls. One feature we use on the UTM is HA in an active/passive configuration.

    I would like to get this going with PFSense, where if Unit 1 goes down, Unit 2 would reconnect the IPSEC connection back to our home office automatically until we get Unit 1 back online.

    Is this possible in pfsense?

    Thanks in advance,
    Eric


  • Rebel Alliance Developer Netgate

    Yes, IPsec works fine with HA, the IPsec tunnel is bound to a CARP VIP, and whichever node holds MASTER status on the CARP VIP will carry the tunnel.