Redundancy without more pfSense boxes
-
My network diagram is shown below. I was wondering if there is a way to add redundancy to this solution without adding any more physical hardware than the two firewalls already implemented. The link between the two is so I can transfer data from one LAN to another over a high-bandwidth link, while still maintaining a level of security on the internal LAN. If more detail is needed, please let me know.
-
Yup, look at CARP - you can find more details in the documentation.
-
CARP would be good, but keep in mind that with CARP it expects the network interface setup to be identical on both systems.
So you'd need to have an interface (or VLAN interface) on each box for each WAN and each LAN, and enough IPs on every interface for the routers and the shared CARP VIPs. (Might be hard/impossible to do on each WAN depending on the connection type and ISP.)
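
The two requirements from the reply above (the same interfaces on both boxes, and enough addresses per segment for both routers plus the shared CARP VIP) can be checked on paper before touching either firewall. This is an added example, not part of the original thread and not pfSense code; the interface names, subnets, reserved upstream gateway addresses and the rule that a non-static WAN cannot carry a VIP are assumptions made for the sketch.

```python
import ipaddress

# Constructed sample plan. Logical interface names per node and per-segment
# addressing are assumptions; subnets are documentation ranges.
NODE_A = ["wan1", "wan2", "lan"]
NODE_B = ["wan1", "wan2", "lan"]
SEGMENTS = {
    "wan1": {"type": "static", "net": "198.51.100.0/29", "reserved": ["198.51.100.1"]},
    "wan2": {"type": "static", "net": "203.0.113.0/30", "reserved": ["203.0.113.1"]},
    "lan":  {"type": "static", "net": "192.168.10.0/24", "reserved": []},
}

def interface_mismatches(a, b):
    """Logical interfaces present on one node but not on the other."""
    return sorted(set(a) ^ set(b))

def plan_segment(seg):
    """Pick VIP, node A and node B addresses, or return why the segment cannot work."""
    if seg["type"] != "static":
        # Assumption: dynamically addressed links (DHCP, PPPoE) give no fixed
        # addresses for two routers and a shared VIP.
        return None, f"{seg['type']} addressing: no fixed addresses for a shared VIP"
    net = ipaddress.ip_network(seg["net"])
    reserved = {ipaddress.ip_address(r) for r in seg["reserved"]}
    free = [h for h in net.hosts() if h not in reserved]
    if len(free) < 3:
        return None, f"{net} has {len(free)} free address(es), need 3"
    return {"vip": str(free[0]), "node_a": str(free[1]), "node_b": str(free[2])}, None

def check_plan(node_a, node_b, segments):
    """Report interface mismatches and a per-segment allocation or error."""
    report = {"mismatched_interfaces": interface_mismatches(node_a, node_b),
              "segments": {}}
    for name, seg in segments.items():
        alloc, reason = plan_segment(seg)
        report["segments"][name] = alloc if alloc else {"error": reason}
    return report

if __name__ == "__main__":
    result = check_plan(NODE_A, NODE_B, SEGMENTS)
    print("mismatched interfaces:", result["mismatched_interfaces"])
    for name, outcome in result["segments"].items():
        print(name, outcome)
```

In the sample, the /29 WAN and the LAN get allocations, while the /30 WAN is rejected because only one address is left once the upstream gateway is reserved.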