Configuring 2 PfSense in HA with CARP in LAN/WAN
-
Hi,
im trying to configure 2 PfSense in a Test Scenario with following topology:
I have configured a HA and CARP following the official guide
I have some problems:
1- if i shut interface that arrive on primary PfSense from LAN side, all CARP ip go in Standby and traffic continue to work, but when i try to shut only the WAN
interface of primary PfSense (on switch), CARP LAN stay in Active state and WAN change in blank state on primary. Instad the Second PfSense have all CARP in Active.2- if i don't shutdown nothing and i try to ping il 10.10.10.1 (VyOS dvice) from the PC Test and enabling packet capture (wireshark) in WAN and LAN side of both interface of both PfSense's, i can see ping packet on the LAN and WAN of Primary PfSense and this is right, but i can see also a ping exiting from WAN interface of secondary PfSense and on this firewall the CARP stayng in standby (as a right way).
Before configure in a real scenario (i want try to implement a couple of PfSense in TestPlant of my organization) i need understand where is a problem in this topology.
thanks very much for your support.
Bye
Enrico from Italy -
now work inserting in WAN CARP parameter "Advertising Frequency/Base" the same value of LAN CARP Interface:
-
@Phelton Don't know what you mean by your last comment but make sure that BASE is e.g. 1 on main and at least 100 on secondary. Also, use a different VHID Group for each network/carp ip