Carp design verification
orion:
I am designing a new firewall solution for my network and I want to check my logic. I am going to virtualize the firewalls so I have better access to them in the server cluster.
internet -- xen1 nic -- firewall 1 -- internal network
internet -- xen2 nic -- firewall 2 -- internal network

firewall 1:
wan  x.x.x.2  public ip
lan  x.x.1.2  private net for management
sync x.x.2.2  dedicated net to other firewall
dmz  x.x.3.2  virtual server net

firewall 2:
wan  x.x.x.3  public ip
lan  x.x.1.3  private net for management
sync x.x.2.3  dedicated net to other firewall
dmz  x.x.3.3  virtual server net

carp vip x.x.x.?  carp inbound for dedicated ip to virtual server
carp vip x.x.1.1  lan gateway
carp vip x.x.3.1  dmz gateway
What I am trying to achieve: when wall1 is shut down for maintenance or fails, wall2 keeps everything alive.
Another thing: I would like them to share the load, but I'm not sure how that might work.
jasonlitka:
That setup would work for failover, yes, though you might want to call that dedicated interface "SYNC" to avoid confusing people when posting about it.
pfSense doesn't support active-active, so you can't do load balancing between the two boxes.
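Added example (not pfSense or FreeBSD code, and not from either poster): a small Python model of the two-node design above that checks the things CARP actually needs for failover to work (same VHID, VIP address and password on both nodes, unique VHIDs per node, different advskew so there is a preferred master, no VIP on the dedicated sync net, each VIP inside the interface's subnet) and then walks the "wall1 down, wall2 takes over, wall1 comes back" scenario from the question. Everything not in the post is my assumption: the VHID numbers, the password placeholder, the advskew values (0 for the preferred node, 100 for the backup), the RFC 5737/RFC 1918 addresses standing in for the x.x.* nets, preempt being enabled, and the backup timer formula 3*advbase + advskew/256 seconds, which is how I understand the carp(4) backup timer to be derived in the FreeBSD implementation pfSense runs on.

```python
"""Model of the two-firewall CARP design from the thread (added example, not
pfSense/FreeBSD code).  Assumptions, all mine: VHIDs 1-3, the password
placeholder, advskew 0/100, the sample addresses, preempt enabled, and the
backup timeout 3*advbase + advskew/256 seconds."""

from dataclasses import dataclass, field
import ipaddress


@dataclass
class Vip:
    vhid: int                   # virtual host id, shared by both nodes serving this VIP
    address: str                # the CARP virtual IP itself
    advskew: int = 0            # lower value = preferred master
    advbase: int = 1            # seconds between advertisements
    password: str = "CHANGE-ME" # placeholder shared secret, must match on both nodes


@dataclass
class Firewall:
    name: str
    ifaces: dict                              # interface -> node's own address/prefix
    vips: dict = field(default_factory=dict)  # interface -> Vip


def build_node(name, host, skew):
    """Constructed sample data following the post: firewall 1 owns the .2
    addresses, firewall 2 the .3 addresses, VIPs are the .1 gateways plus one
    public VIP (placeholder addresses, not the poster's real x.x.* nets)."""
    return Firewall(
        name,
        {"wan": f"198.51.100.{host}/24", "lan": f"10.0.1.{host}/24",
         "sync": f"10.0.2.{host}/24", "dmz": f"10.0.3.{host}/24"},
        {"wan": Vip(1, "198.51.100.10", advskew=skew),
         "lan": Vip(2, "10.0.1.1", advskew=skew),
         "dmz": Vip(3, "10.0.3.1", advskew=skew)},
    )


WALL1 = build_node("firewall1", 2, skew=0)
WALL2 = build_node("firewall2", 3, skew=100)


def check_design(a, b):
    """Return the design problems found; an empty list means the pair is consistent."""
    problems = []
    for fw in (a, b):
        if "sync" in fw.vips:
            problems.append(f"{fw.name}: no VIP belongs on the dedicated sync net")
        vhids = [v.vhid for v in fw.vips.values()]
        if len(vhids) != len(set(vhids)):
            problems.append(f"{fw.name}: VHIDs must be unique per node")
    for iface, va in a.vips.items():
        vb = b.vips.get(iface)
        if vb is None:
            problems.append(f"{iface}: VIP defined on {a.name} only, cannot fail over")
            continue
        if (va.vhid, va.address, va.password) != (vb.vhid, vb.address, vb.password):
            problems.append(f"{iface}: VHID, VIP address and password must match on both nodes")
        if va.advskew == vb.advskew:
            problems.append(f"{iface}: equal advskew, no deterministic preferred master")
        for fw, v in ((a, va), (b, vb)):
            net = ipaddress.ip_interface(fw.ifaces[iface]).network
            if ipaddress.ip_address(v.address) not in net:
                problems.append(f"{iface}: VIP {v.address} is outside {fw.name}'s subnet {net}")
    return problems


def master_down_timeout(vip):
    """Seconds a backup waits without hearing the master before it takes over (assumed formula)."""
    return 3 * vip.advbase + vip.advskew / 256


def elect_master(nodes, iface, alive):
    """Among live nodes, the lowest advskew for this interface's VIP is master.
    Model simplification: a residual tie is broken by node name."""
    candidates = [n for n in nodes if n.name in alive and iface in n.vips]
    if not candidates:
        return None
    return min(candidates, key=lambda n: (n.vips[iface].advskew, n.name)).name


def failover_timeline(nodes, iface):
    """Walk the scenario from the post: both up, preferred node down, preferred node back."""
    both = {n.name for n in nodes}
    first = elect_master(nodes, iface, both)
    survivor = [n for n in nodes if n.name != first][0]
    steps = [("both up", first)]
    steps.append((f"{first} down, takeover after "
                  f"{master_down_timeout(survivor.vips[iface]):.3f}s",
                  elect_master(nodes, iface, {survivor.name})))
    steps.append(("preferred node back (preempt assumed)", elect_master(nodes, iface, both)))
    return steps


if __name__ == "__main__":
    for p in check_design(WALL1, WALL2) or ["design consistent"]:
        print(p)
    for label, master in failover_timeline([WALL1, WALL2], "lan"):
        print(f"{label:50s} -> master: {master}")
```

Note what the model does not do: it never elects two masters for one VIP, which is the point of jasonlitka's reply about active-active. With the backup at advskew 100 the takeover delay comes out at about 3.4 seconds; the real number also depends on pfsync state transfer being complete, which is exactly why the dedicated sync net matters.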