4. Carp design verification

Carp design verification

  • O

    I am designing a new firewall solution for my network and i want to check my logic. I am going to virtualize the firewalls so i have better access to them in the server cluster.

    internet – xen1 nic -- firewall 1 -- internal network
                                    ||carp                  ||switch
    internet -- xen2 nic -- firewall 2 -- internal network

    firewall 1
    wan x.x.x.2 public ip
    lan x.x.1.2 private net for management
    sync x.x.2.2 dedicated net to other firewall
    dmz x.x.3.2 virtual server net

    firewall 2
    wan x.x.x.3 public ip
    lan x.x.1.3 private net for management
    sync x.x.2.3 dedicated net to other firewall
    dmz x.x.3.3 virtual server net

    carp vip x.x.x.? carp inbound for dedicated ip to virtual server
    carp vip x.x.1.1 lan gateway
    carp vip x.x.3.1 dmz gateway

    I am trying to avoid when wall1 is shutdown for maintenance or failure wall2 keeps everything alive.

    Another thing i would like it to share the load but im not sure how that might work.

    0
  • J

    That setup would work for failover, yes, though you might want to call that dedicated interface "SYNC" to avoid confusing people when posting about it.

    pfSense doesn't support active-active, so you can't do load balancing between the two boxes.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy