Netgate Discussion Forum

    pfSense High Availability expand existing firewall with multi wan and multi ip

    • kiokomanK
      kiokoman LAYER 8
      last edited by kiokoman

      I'm trying to help a guy on the Italian forum.
      Is it possible to expand this configuration to use pfSense High Availability with CARP? If so, it's not clear how to configure the WAN side, as all the examples / docs and #hangout on the net talk about a single static IP per WAN.
      This is the actual situation:
      There are services that are available only on a specific IP, like email server and web server.
      As it is now, all IPs are configured as "IP alias" directly on pfSense; both modems are in bridge.
      ISP 1 has 32 public IPs
      ISP 2 has 16 public IPs

      1603227040320-multiwan-on-pfsense-23-pfsense-hangout-march-2016-11-638.jpg

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      • V
        viragomann @kiokoman
        last edited by

        @kiokoman said in pfSense High Availability expand existing firewall with multi wan and multi ip:

        Is it possible to expand this configuration to use pfSense High Availability with CARP? If so, it's not clear how to configure the WAN side, as all the examples / docs and #hangout on the net talk about a single static IP per WAN.

        There is nothing special with that. If you know how to set up HA, it's simply the combination with Multi-WAN.
        Get a switch (or two to have WAN redundancy) to connect the WANs to both boxes.

        @kiokoman said in pfSense High Availability expand existing firewall with multi wan and multi ip:

        There are services that are available only on a specific IP, like email server and web server.
        As it is now, all IPs are configured as "IP alias" directly on pfSense

        It's the same with HA, apart from the IP aliases hooking up on the WAN VIPs instead of the WAN address.

        The Outbound NAT for local networks (not the firewall itself) has to be reconfigured to use the WAN VIPs or whatever IP alias you want.

        • kiokomanK
          kiokoman LAYER 8
          last edited by

          What I don't understand is... we need one CARP address for each public IP? Because I don't understand how I can NAT 40+ public IPs if I have only one CARP address.

          • V
            viragomann
            last edited by

            @kiokoman said in pfSense High Availability expand existing firewall with multi wan and multi ip:

            What I don't understand is... we need one CARP address for each public IP?

            Maybe you've read that in a very old tutorial.

            Today both master and slave should have a public IP and a third IP is needed as CARP. The CARP address can be used for services on or behind pfSense.
            All other public IPs you can add as IP alias as you did in the single installation, hooking up on the WAN CARP IPs (WAN1, WAN2) instead of the WAN IPs.

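An added example (not from the thread or from Netgate): a small audit of an exported pfSense config.xml for the layout described in the reply above, where each WAN has a CARP VIP and every other public IP is an IP alias stacked on that VIP rather than on the WAN address. It assumes VIPs are stored as `<vip>` elements and that an alias on a CARP VIP names its parent as `_vip<uniqid>`; the interface names (`wan`, `opt1`), uniqids and addresses in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <virtualip> section of a config.xml export
# (assumed layout). Addresses are RFC 5737 documentation ranges.
SAMPLE = """<pfsense><virtualip>
  <vip><mode>carp</mode><interface>wan</interface><uniqid>aaa111</uniqid>
       <vhid>1</vhid><subnet>198.51.100.4</subnet></vip>
  <vip><mode>ipalias</mode><interface>_vipaaa111</interface><uniqid>bbb222</uniqid>
       <subnet>198.51.100.10</subnet></vip>
  <vip><mode>ipalias</mode><interface>wan</interface><uniqid>ccc333</uniqid>
       <subnet>198.51.100.11</subnet></vip>
  <vip><mode>carp</mode><interface>opt1</interface><uniqid>ddd444</uniqid>
       <vhid>2</vhid><subnet>203.0.113.4</subnet></vip>
  <vip><mode>ipalias</mode><interface>_vipddd444</interface><uniqid>eee555</uniqid>
       <subnet>203.0.113.10</subnet></vip>
</virtualip></pfsense>"""

def audit_vips(config_xml, wan_ifs=("wan", "opt1")):
    """Return (ok, problems): aliases grouped by parent CARP VIP, plus findings."""
    vips = [{c.tag: (c.text or "").strip() for c in v}
            for v in ET.fromstring(config_xml).iter("vip")]
    # An alias stacked on a CARP VIP refers to it as "_vip" + uniqid (assumption).
    carp = {"_vip" + v["uniqid"]: v for v in vips if v.get("mode") == "carp"}
    ok, problems = {}, []
    for wan in wan_ifs:
        if not any(v.get("interface") == wan for v in carp.values()):
            problems.append(f"{wan}: no CARP VIP defined")
    for v in vips:
        if v.get("mode") != "ipalias":
            continue
        parent = v.get("interface", "")
        if parent in carp:
            ok.setdefault(carp[parent]["subnet"], []).append(v["subnet"])
        elif parent in wan_ifs:
            problems.append(f"{v['subnet']}: alias bound to {parent} itself, "
                            "not to its CARP VIP, so it is not tied to CARP state")
        else:
            problems.append(f"{v['subnet']}: unknown parent {parent!r}")
    return ok, problems

if __name__ == "__main__":
    ok, problems = audit_vips(SAMPLE)
    for vip, aliases in ok.items():
        print(f"CARP {vip}: {len(aliases)} alias(es) follow it: {aliases}")
    for p in problems:
        print("FIX:", p)
```

In the sample, 198.51.100.11 is flagged because it is still attached to the WAN interface the way it would be on a single, non-HA firewall.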
            • kiokomanK
              kiokoman LAYER 8
              last edited by

              Thank you very much, it's more clear now 👍

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.