Netgate Discussion Forum

    Multiple WAN HA setup (No Multi-WAN LB or FO)

    HA/CARP/VIPs
    • _neok

      Hello everyone!
      I am evaluating implementing a 2-node HA cluster in pfSense 2.4.4 (VM Gen.2 over Hyper-V Server 2016).
      I'm reading the official information from here: https://www.slideshare.net/NetgateUSA/high-availability-on-pfsense-24-pfsense-hangout-march-2017
      I'm good on almost every point, except the following one.
      On my network I have my pfSense as default gateway. On this one I have 3 internet links.
      The first of them is a /29 by which half of my users navigate.
      In the second one I have only one IP, and I use it for the navigation of the other half of my users.
      The third is for sending and receiving mail only.

      Do I need 3 IPs per WAN in each WAN to build this HA? Or is just the first WAN /29 enough for me?

      I would very much appreciate some light on that.
      Thank you very much in advance!

      Best regards
      Gabriel

        • pete.s. @_neok

        @_neok I don't know how to do what you want but have you checked out this one?
        https://www.slideshare.net/NetgateUSA/high-availability-part-2-pfsense-hangout-july-2016

        Also keep in mind that these slides are from presentations (pfSense monthly hangouts) and you can watch the entire presentation on YouTube: https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A

          • Derelict LAYER 8 Netgate

          You can probably get away with having only one proper WAN with two single-address WANs as long as:

          All addresses are static (not DHCP, PPPoE, etc.)

          You ensure that the default gateway in the routing table is always the interface where the secondary can get out (has its own routable interface address)

          The main issue is that the secondary can access the internet (get updates, resolve DNS, etc.) when it is CARP BACKUP.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.