Unable to route through new interface

jnpetty · Feb 24, 2022, 7:57 PM

We have a very strange issue where we are spinning up a new interface, just like we did with our 30 previous interfaces.

VLAN:1700
FW1 Interface IP: 192.168.120.1/24
FW2 Interface IP: 192.168.120.2/24
CARP IP: 192.168.120.254/24

The CARP IP properly replicated, FW1 is the Master and FW2 is Backup.

I can ping the individual firewall IPs, but not the CARP IP. Its not a rule issue as I can add an ANY/ANY and the behavior does not change.

Its not a routing or a switch VLAN issue as I can see all MACs on all our switches. The firewall interfaces can ping each other I can ping external IPs from the firewall

There are no floating rules that have this subnet in scope.

At this point I am at a lose and dont know where to proceed. Like I mentioned we have had no issues bringing any of our previous subnets online. But even after destroying and recreating everything, the issue persists.

viragomann · Feb 24, 2022, 9:13 PM

@jnpetty
When you ping the CARP VIP from a connected device, it will first send an ARP request which the master should respond to.

So to investigate, sniff the traffic and check for ARP packets and if pfSense sends a respond.
If there is no ARP request, check the ARP table on the device you're pinging from for an already existing entry.