Two locations, two ISP (WAN) and HA setup
-
We have purchased four 8300 devices for our company. We have two locations, with two ISPs. The locations are connected via a fiber-optic links. I would like to connect everything in a sensible high-availability (HA) setup. Could you please help me?
LOCATION A:
ISP WAN (i.e. 10.1.1.1)
2 x Netgate 8300
LAN (VLANS etc.)LOCATION B:
ISP WAN (i.e. 10.2.2.2)
2 x Netgate 8300
LAN (VLANS etc.)Is it possible for something like this to work in a HA? Or is there a better solution? For example, could something like this be used: location 1 – two devices in HA with one ISP, location 2 – the same with second ISP. And how would I connect these two locations so that in the event of an ISP failure at one site, the other location would provide Internet access for the entire network?
-
@Jdwind this is one ISP each location with a fiber that stays up if Internet is down?
Individually:
https://docs.netgate.com/pfsense/en/latest/recipes/high-availability.html -
@SteveITS Yes, it is. And I (we) have a separate fiber connection between the locations.
-
@Jdwind I haven’t done it, but I’d take a look at
https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-s2s-route-internet-traffic.html
That might get you only one direction though.You might also look at policy routing.
-
@SteveITS Why should I use VPN when I have direct fibre connections? Isn't better do somethink like that:
1 Location - 2 x 8300 with HA
2 Location - 2 x 8300 with HA
and separate transport VLAN between locations HA1 and HA2, and (maybe?) a separate fibre for WANs (MULTIWAN for both locations)? -
@Jdwind I just meant, maybe duplicate their routing in the example.