Redundancy



  • Hello,

    I am using a SG-3100 and a 5100 on different locations.
    I am just wondering, what would be a fast solution if one of my firewalls get broken. Would you buy the same models again (expensive) or would you buy a cheaper model from amazon and set it up in a minimal configuration, or would you install a virtual machine on a server and run pfsense there?

    Regards,
    Gunther



  • It may depend on the cost of the downtime. At $xxx per hour how much would downtime cost? pfSense does support CARP for hardware failover so if you did buy another (at each location) the failover could be basically instant. It will sync states if the network drivers are the same on both. There is a caveat for the models with switches, in that as I recall it can't detect if one switch port is disconnected if the entire switch is still functional so you want to use the OPT1 port for the LAN and the switch ports for the CARP sync.

    pfSense also runs on PC hardware so if you have an old/spare PC and an extra NIC for it that would work as well.


Log in to reply