Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HA with 2 Residential ISPs

    Scheduled Pinned Locked Moved Routing and Multi WAN
    multi-landhcphigh availabili
    4 Posts 2 Posters 809 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • hydrianH
      hydrian
      last edited by

      Hello, I'm trying to build some redundancy with my home network. I've been running pfSense for over a decade and love it. Now, with where I live and our dependency on the internet for work and home-schooling, I need to look at HA.

      I currently have Spectrum cable service and Google FI (pay per GB) for cell service. I have modems with Ethernet ports(no tethering) for both ISPs. I want to be able to set up a primary pfSense box to use the cable connection and a secondary pfSense box (only when the primary isn't available/working) to use the cell service.

      Also, I want this as two different pfSense boxes because I use pfSense for DHCP addressing. A down pfSense device has caused issues multiple times because the internal devices can't get DHCP-provided addresses. I have multiple internal private subnets, so putting a DHCP server on the router makes sense so a single DHCP server can address all of the internal networks.

      Here is a quick image of how I see this setting up:
      pfSenseHA.drawio.png

      Any guides/documentation on how to get this done? Google is being very obtuse about this.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @hydrian
        last edited by

        @hydrian said in HA with 2 Residential ISPs:

        I want to be able to set up a primary pfSense box to use the cable connection and a secondary pfSense box (only when the primary isn't available/working) to use the cell service.

        Why want you set it up this way?
        If your primary internet was down, the master role would not switch over to the secondary.
        Get a small VLAN capable switch or two small dumb switches and put them in between the boxes and the modems, then you also get internet fail over.

        hydrianH 1 Reply Last reply Reply Quote 0
        • hydrianH
          hydrian @viragomann
          last edited by

          @viragomann How would that work with a single MAC address locking cable provider? I only get a single public IPv4 address.

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @hydrian
            last edited by

            @hydrian
            You can get it work with a single public IP, but probably not with a MAC lock. CARP uses certain MAC addresses, which cannot be spoofed as far as I know.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.