Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense HA CARP with mode only routing (firewall disabled)

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    5 Posts 3 Posters 741 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      virusbcn
      last edited by

      Hi all, I have set up a small lab to try to install PfSense in HA, I have it set up and working.

      However I need pfsense to work in routing only mode (advanced->Firewall&NAT->disable firewall x) and as soon as I switch to routing only mode the routing stops working and pfsense doesn't work, is there any incompatibility with this method?

      Thanks

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @virusbcn
        last edited by

        @virusbcn I don’t know the answer to your question but to double check you’re not using NAT? That also turns off NAT.

        Could you leave it on and create an allow all rule on each interface?

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        V 1 Reply Last reply Reply Quote 0
        • V
          virusbcn @SteveITS
          last edited by

          @steveits Yes, when i check the option disable firewall the NAT turns off.

          The virtual IP not respond to ping when disable firewall, turn on again and HA its working again, seems that this config its not compatible with HA maybe ???

          1 Reply Last reply Reply Quote 0
          • V
            virusbcn
            last edited by

            The problem is the primary pfsense router not have the route to back pfsense HA, i not think about that, its ok now

            1 Reply Last reply Reply Quote 1
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              FYI- You can disable NAT and route without also disabling the firewall.

              Firewall > NAT, Outbound tab, set it to Disable Outbound NAT and save/apply.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 1
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.