Netgate Discussion Forum

    Carp design verification

    • orion

      I am designing a new firewall solution for my network and I want to check my logic. I am going to virtualize the firewalls so I have better access to them in the server cluster.

      internet -- xen1 nic -- firewall 1 -- internal network
                                      ||carp                  ||switch
      internet -- xen2 nic -- firewall 2 -- internal network

      firewall 1
      wan x.x.x.2 public ip
      lan x.x.1.2 private net for management
      sync x.x.2.2 dedicated net to other firewall
      dmz x.x.3.2 virtual server net

      firewall 2
      wan x.x.x.3 public ip
      lan x.x.1.3 private net for management
      sync x.x.2.3 dedicated net to other firewall
      dmz x.x.3.3 virtual server net

      carp vip x.x.x.? carp inbound for dedicated ip to virtual server
      carp vip x.x.1.1 lan gateway
      carp vip x.x.3.1 dmz gateway

      I am trying to avoid when wall1 is shut down for maintenance or failure, wall2 keeps everything alive.

      Another thing: I would like it to share the load, but I'm not sure how that might work.

      • jasonlitka

        That setup would work for failover, yes, though you might want to call that dedicated interface "SYNC" to avoid confusing people when posting about it.

        pfSense doesn't support active-active, so you can't do load balancing between the two boxes.

        I can break anything.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.