Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dual Firewall, dual WAN

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    3
    4
    163
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      blank
      last edited by

      Hi,

      My current ISP only supports 1 IP issued by a DHCP.

      I have a dual firewall, and I have CARP setup for my LAN, but for my WAN it isn't possible as I only have 1 IP.
      1 solution is no make a script that failover from FW1 to FW2 in case FW1 is down or have no connection.

      Well. I found another ISP that can provide up to 4 IP addresses, probably some random IP's issued by DHCP.

      would it be possible to setup PFSense with either CARP failover,
      so order 3 static IP's?

      alternative have 1 static IP for each firewall, so no CARP failover.
      Keep in mind I also have a 4g/5g modem for loss of fiber.

      wan connection.drawio.png

      V T 2 Replies Last reply Reply Quote 0
      • V
        viragomann @blank
        last edited by

        @blank said in Dual Firewall, dual WAN:

        I found another ISP that can provide up to 4 IP addresses, probably some random IP's issued by DHCP.

        This probably means, that you get a DHCP IP from the ISP and the static IPs are routed to it.
        Hence all IPs hook up on a DHCP in fact. Even some are "static", a DHCP client is required to get them.

        So this might not improve your options at all.

        1 Reply Last reply Reply Quote 0
        • T
          Tadmin @blank
          last edited by

          If I understand correctly, that could be done via properly configured priority in both GW on WANs and CARP VPIs on Local network.

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @Tadmin
            last edited by

            @Tadmin
            A CARP setup requires at least two IPs within a subnet for the two nodes and a shared CARP VIP. All three have to be static to get CARP work out of the box. A shared DHCP VIP is not supported.

            However, people posted workarounds here to get it up with DHCP as far as I remember. But this needs some scripting. Try the forum search.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post