Netgate Discussion Forum

    Adding Second PFSense HACOM Cluster to Replace Server based FreeBSD Router

    General pfSense Questions
      netnerd

      Many thanks to the PFSense Team for providing such a powerful and feature-rich product!  8)

      Please see my attached network diagram to gain a general overview of the manner in which I aim to deploy a second PFSense cluster and the challenges we are facing.

      Currently we have one PFSense cluster serving as a router/firewall solution, allowing the corporate network to access the internet and traffic to be routed between the production and corporate net. So far, we have made two failed attempts to swap out the FreeBSD Firewall (192.168.1.2), which is currently performing NAT and packet filtering. It is configured to be a gateway on 192.168.1.2 but is only bound to several IPs on 192.168.1.0/24 and the public internet, not 10.0.20.0/22. It does have a static route that points to the existing dual-homed PFSense cluster for traffic destined for 10.0.20.0/22.

      At the moment, all is well and has been for about a year.  :D

      What we are attempting to do is move the gateway IP 192.168.1.2 from this FreeBSD host to a shiny new PFSense cluster by HACOM. This HACOM unit was configured in the same manner as the existing router/firewall. However, after the switch we experienced the following:

      1. Connectivity between hosts in the production network was okay for the most part with the exception of one or two hosts requiring a reboot.
      2. Connectivity between the two subnets would be fast one moment and completely gone the next.
      3. Connectivity between servers/workstations in the corporate network was spotty.

      I would love to know what is causing this as I am scheduled to make another attempt this weekend. Some questions:
      1. Is it necessary to power down all networking equipment when moving a gateway IP like this to new hardware with a different MAC?
      2. Is there a caveat regarding having multiple PFSense clusters on the same physical network but on different subnets?
      3. Is there some specific order in which I should make this change?

      Thanks in advance for your attention.

      network_diagram_before.png
