<![CDATA[Confused about HA setup]]>Going through these tutorials:

https://youtu.be/-1Og5ogkyZY
https://docs.netgate.com/pfsense/en/latest/highavailability/configuring-high-availability.html#vmware-esx-users
http://blog.thedarkwinter.com/2015/03/pfsense-ha-hardwaredevice-failover.html

They have all slightly different steps!

My network:

  • External internet IP: 86.xxx.xx.xxx
  • Router: 192.168.2.254
  • PFSENSE1 WAN: 192.168.2.110
  • PFSENSE1 LAN: 192.168.1.2/24
  • PFSENSE2 WAN: 192.168.2.111
  • PFSENSE2 LAN: 192.168.1.3/24
  • WAN CARP VIP: 192.168.2.112/24
  • LAN CARP VIP: 192.168.1.1/24

Anyway, got sync to work and setup CARP. CARP status on master is MASTER and MASTER. CARP status on backup is MASTER and BACKUP.

Trying to setup NAT Outbound but doesn't work. The instructions above are confusing, some say set up Hybrid, some Manual. So I did what Tom did and set it to Hybrid and added a mapping:

  • Interface: WAN
  • Source: 192.168.1.0/24
  • Address: 192.168.2.112 (WAN VIP)

But my PC does not get any internet. Gateway + DNS set to 192.168.1.1

]]>https://forum.netgate.com/topic/153820/confused-about-ha-setupRSS for NodeSat, 11 Apr 2026 11:29:21 GMTSat, 23 May 2020 10:16:59 GMT60<![CDATA[Reply to Confused about HA setup on Tue, 26 May 2020 07:50:45 GMT]]>@Derelict The clients don't have internet access or able to ping 8.8.8.8. I have my client as a static IP with gateway and DNS set to 192.168.1.1.

I will try using manual NAT mode.

]]>https://forum.netgate.com/post/914235https://forum.netgate.com/post/914235Tue, 26 May 2020 07:50:45 GMT<![CDATA[Reply to Confused about HA setup on Tue, 26 May 2020 03:44:21 GMT]]>@Justinjja said in Confused about HA setup:

Do you have the "Block private networks" firewall option enabled?

That only applies to connections coming into WAN in the default configuration.

]]>https://forum.netgate.com/post/914213https://forum.netgate.com/post/914213Tue, 26 May 2020 03:44:21 GMT<![CDATA[Reply to Confused about HA setup on Tue, 26 May 2020 03:43:32 GMT]]>@GodAtum said in Confused about HA setup:

Trying to setup NAT Outbound but doesn't work.

Use manual NAT mode for an HA setup. Set the NAT address for all INSIDE sources that actually need NAT to the CARP VIP.

What does "doesn't work" mean? Do the client hosts get ARP for 192.168.1.1? 192.168.1.2? 192.168.1.3? Can you ping it? Can they resolve DNS names? Can they ping 192.168.2.112?

Do basic network troubleshooting hop by hop from the clients out and let us know exactly where it is "not working."

]]>https://forum.netgate.com/post/914212https://forum.netgate.com/post/914212Tue, 26 May 2020 03:43:32 GMT<![CDATA[Reply to Confused about HA setup on Mon, 25 May 2020 22:24:33 GMT]]>Do you have the "Block private networks" firewall option enabled?

]]>https://forum.netgate.com/post/914198https://forum.netgate.com/post/914198Mon, 25 May 2020 22:24:33 GMT<![CDATA[Reply to Confused about HA setup on Mon, 25 May 2020 22:01:30 GMT]]>mcmeekin_network_diagram.png

]]>https://forum.netgate.com/post/914192https://forum.netgate.com/post/914192Mon, 25 May 2020 22:01:30 GMT<![CDATA[Reply to Confused about HA setup on Mon, 25 May 2020 01:33:48 GMT]]>How is everything setup physically? Modem/router - switch - 2x pfsense - switch?
Single dynamic public IP or do you have a static IP range?

]]>https://forum.netgate.com/post/914010https://forum.netgate.com/post/914010Mon, 25 May 2020 01:33:48 GMT