WAN VIP failover
I have scenario here which I thought I was capable of completing but have failed :(
I have 2 pfsense firewalls side by side, doing carp. I have an inside VIP they are sharing and this side of it works fine, i.e when I down one firewall I can still reach the inside VIP and can reach internet etc. But this is whilst each firewall uses its own physical WAN address.
My question is, can someone give me a quick run-through of how to set up a shared VIP for the WAN. So when failover occurs, the WAN address remains the same (just as it does internally). And yes, I have plenty of external IP's to play with.
dotdash last edited by
You just setup a CARP VIP on the WAN, then change the AON so the outbound NAT uses the WAN CARP instead of the interface. The CARP tutorial (http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm) is a good reference for configuration.