IPSEC HA Question
-
Greetings,
I am currently working with pfsense to replace our aging Sophos UTM Router/Firewalls. One feature we use on the UTM is HA in an active/passive configuration.
I would like to get this going with PFSense, where if Unit 1 goes down, Unit 2 would reconnect the IPSEC connection back to our home office automatically until we get Unit 1 back online.
Is this possible in pfsense?
Thanks in advance,
Eric -
Yes, IPsec works fine with HA, the IPsec tunnel is bound to a CARP VIP, and whichever node holds MASTER status on the CARP VIP will carry the tunnel.