Netgate Discussion Forum

    is it possible to configure more than 2 pfsense for HA?

    HA/CARP/VIPs
      planetinse

      Is it possible to have more than one primary and a secondary pfSense instance?

      The reason is to improve load balancing and full flexibility over physical locations and have a very flat scaling (every (hardware) box for itself approach).

      I am thinking a primary + 2 or 3 secondaries to start with.

        tkriviradev @planetinse

        @planetinse I was able to configure config sync from the second to the third box, that was a long time ago.
        I was using this for DNS sync.

          SteveITS Galactic Empire @planetinse

          @planetinse Somewhere in the docs there’s a sentence or two about it. IIRC it’s theoretically possible but they’ve never tested it, or something to that effect.

            jimp Rebel Alliance Developer Netgate

            HA is not and has never been "load balancing" -- it's active/passive.

            Adding a third node is possible in theory for some scenarios but it's not supported. At a minimum it requires manually adjusting some values (e.g. manually syncing VIPs and setting appropriate skews). It's still only one active node and then multiple passive nodes, however.

            Config sync can be chained, A->B->C->[...]-->n but it's not something I'd suggest relying upon.

              planetinse @jimp

              @jimp Yeah, I know - but there is no other way when a single instance cannot take the load, especially since it's a single CPU process only
              (see load below). Other ways to solve this? Please enlighten me :-)
              cce21a91-f3c8-4bdf-ab67-99f1a3fc7d85-image.png

              I have handled this in the past by simply unlinking CARP sync and manually setting skew for VIPs to load-balance load over two HAs.

              Example:
              So some customers have fw1 as primary and some other customers have fw2 as primary - failover still works.
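
A small model of the manual-skew approach discussed in this thread, added here as an illustration and not taken from any poster or from pfSense itself: it computes which node holds each CARP VIP from hand-set advskew values, shows where VIPs move when a node fails, and flags skews that collide on one VHID. The VHID numbers, skew values and the third node `fw3` are constructed, and the model assumes preemption, so the node with the shortest advertisement interval ends up master.

```python
from collections import Counter

ADVBASE = 1  # seconds; assumed advertising base for every VIP

# Constructed sample: one CARP VHID per customer, with the advskew each node
# advertises for it. fw1/fw2 follow the thread; fw3 and all values are assumed.
VIPS = {
    10: {"fw1": 0,   "fw2": 100, "fw3": 200},  # customer A prefers fw1
    20: {"fw1": 100, "fw2": 0,   "fw3": 200},  # customer B prefers fw2
    30: {"fw1": 100, "fw2": 100, "fw3": 0},    # fw1 and fw2 tie as backups
}

def interval(advskew, advbase=ADVBASE):
    """CARP advertisement interval in seconds: advbase + advskew/256."""
    return advbase + advskew / 256

def elect(skews, down=()):
    """Master for one VIP: the reachable node with the shortest interval."""
    alive = {n: s for n, s in skews.items() if n not in down}
    if not alive:
        return None
    # The name tie-break only keeps this model deterministic; audit() reports
    # real ties, which should be fixed rather than relied upon.
    return min(alive, key=lambda n: (interval(alive[n]), n))

def masters(vips, down=()):
    """Map every VHID to its master given a set of failed nodes."""
    return {vhid: elect(skews, down) for vhid, skews in vips.items()}

def audit(vips):
    """Report advskew values out of range or shared by several nodes."""
    problems = []
    for vhid, skews in vips.items():
        for node, skew in skews.items():
            if not 0 <= skew <= 254:
                problems.append((vhid, f"{node}: advskew {skew} outside 0-254"))
        for skew, count in Counter(skews.values()).items():
            if count > 1:
                tied = sorted(n for n, s in skews.items() if s == skew)
                problems.append((vhid, f"advskew {skew} shared by {', '.join(tied)}"))
    return problems

if __name__ == "__main__":
    print("all up:  ", masters(VIPS))
    print("fw1 down:", masters(VIPS, down={"fw1"}))
    print("VIPs per node:", dict(Counter(masters(VIPS).values())))
    for vhid, msg in audit(VIPS):
        print(f"VHID {vhid}: {msg}")
```

Each VIP still has exactly one master at a time; spreading the preferred node across VIPs only distributes which box is active for which customer.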

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.