1. Home
  2. pfSense® Software
  3. HA/CARP/VIPs
  4. How to connect 2 bridged WAN to a switch ?

How to connect 2 bridged WAN to a switch ?

  • S

    I have inherited 2 pfsense instances (2.0 and 2.0.1) behind a baystack 350-12T switch.
    pfsenses have the same config : WAN,LAN,OPT2 - bridged.
    WAN (with assigned IP) connected to baystack, LAN (no IP) to DMZ
    OPT2 is connected via CARP and is used for pfsync.
    I'd like to have a WAN VIP address, which would be used as a default gw for DMZ network (a few /24 networks) and load balancer.
    For the moment one switch port is disabled to not have a network loop. And for that reason CARP fro WAN doesn't work (both are in master status).
    In case of any issue with one of pfsense, baystack switch ports (pfsenses are connected to) are manually swapped (en/dis to dis/en).
    That's the current situation.

    What I want to get, is to enable both baystack ports, and have a real failover configuration.
    What is the best approach we can go with ? baystack support a kind of STP. STP is disabled on both pfsense bridges.
    I have read many opinions, that STP may cause issues, I cannot afford (everything is in production).
    Is STP a way to go with, or to use devd, as it is described here http://forum.pfsense.org/index.php/topic,4984.msg87793.html#msg87793

    What would you recommend ?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy