Netgate Discussion Forum

    PfSense failover… getting started

      tubaguy50035

      I'm very new to the failover and load balancing area. I would really like to have two pfSense boxes to add redundancy to my current network configuration. Currently, my ISP supplies an IP based on a MAC on one of my interfaces. This is dynamically assigned and can change at some point. My ISP requires that you log in via a captive portal page, but I've paid to have them keep track of my MAC address so I don't have to use that page. How would I go about having redundant firewalls and have it look like only one MAC address and IP to my ISP? Is that even possible?

        jimp Rebel Alliance Developer Netgate

        No, that is not possible exactly as you have it.

        For proper CARP, you need three static IPs on WAN in the same subnet. However, if you were able to get those three IPs, the CARP VIP's MAC address would be constant for both machines so a portal bypass may still work for that.

        Alternately, you could put a cheap SOHO-type router in front to do NAT and have your WAN static IPs be on the LAN side of the cheap router, but that just moves your single point of failure around; you wouldn't have true redundancy.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!
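
The addressing requirement from the reply above, worked through as an added example that is not part of the original thread or of pfSense itself. It checks a WAN plan with one address per firewall plus a shared CARP VIP, and derives the VIP's MAC, which CARP builds from the VHID alone (`00:00:5e:00:01:<vhid>`). The function names, the 198.51.100.0/29 documentation range and the presence of an ISP gateway in the same subnet are assumptions.

```python
import ipaddress

def carp_virtual_mac(vhid):
    """MAC used by a CARP VIP; identical on both nodes because it depends only on the VHID."""
    if not 1 <= vhid <= 255:
        raise ValueError("VHID must be in 1..255")
    return "00:00:5e:00:01:%02x" % vhid

def check_carp_plan(subnet, primary, secondary, vip, gateway):
    """Return a list of problems with a WAN CARP address plan (empty list means OK).

    Assumes the ISP gateway lives in the same subnet as the three firewall addresses.
    """
    net = ipaddress.ip_network(subnet)  # raises ValueError if host bits are set
    roles = {"primary": primary, "secondary": secondary,
             "CARP VIP": vip, "gateway": gateway}
    addrs = {role: ipaddress.ip_address(a) for role, a in roles.items()}
    problems = []

    # Network and broadcast addresses cannot be assigned to hosts.
    usable = max(net.num_addresses - 2, 0)
    if usable < len(addrs):
        problems.append("%s too small: %d usable hosts, %d needed"
                        % (net, usable, len(addrs)))
    for role, addr in addrs.items():
        if addr not in net:
            problems.append("%s %s is outside %s" % (role, addr, net))
        elif addr in (net.network_address, net.broadcast_address):
            problems.append("%s %s is not a usable host address" % (role, addr))
    if len(set(addrs.values())) != len(addrs):
        problems.append("addresses must all be distinct")
    return problems

if __name__ == "__main__":
    # Constructed sample plan using a documentation range.
    plan = dict(subnet="198.51.100.0/29", gateway="198.51.100.1",
                primary="198.51.100.2", secondary="198.51.100.3",
                vip="198.51.100.4")
    print(check_carp_plan(**plan) or "plan OK")
    print("VIP MAC for VHID 1:", carp_virtual_mac(1))
```

With an in-subnet gateway, a /30 can never satisfy the plan, so a /29 is the smallest block that fits.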

          tubaguy50035

          I'm confused why I would need three. I can see two, but where does the third one go? Also, I would like to host a web server behind them; what IP do I submit with my domain name for DNS records?

            jimp Rebel Alliance Developer Netgate

            It's well documented in the wiki and book: each machine needs its own IP address and then they need one to share as the CARP address.

              tubaguy50035

              Ah. Okay. That's the IP for DNS records… yes? And maybe a newb question, but where's the wiki? I looked over the forum home page quickly and couldn't find it.

                jimp Rebel Alliance Developer Netgate

                It's linked in my signature. :)

                  tubaguy50035

                  Hey!  Lookie there!  Thanks!

                    tubaguy50035

                    I've only glanced through the wiki just now, so if you say it exists, I'll go find how to do it, but is it possible to load balance incoming and outgoing traffic through two pfSense boxes? Or is that only available for failover?

                      jimp Rebel Alliance Developer Netgate

                      CARP is only for failover.

                        tubaguy50035

                        Okay.  Is it possible through other means?  Then I can direct my questions there.

                          jimp Rebel Alliance Developer Netgate

                          It's not possible to do in any useful way. Why do you need to load balance between two firewalls at the same time?

                            tubaguy50035

                            I'm not sure.  Just curious what all pfSense, or any router for that matter, can do.
