4. Adding Second PFSense HACOM Cluster to Replace Server based FreeBSD Router

Adding Second PFSense HACOM Cluster to Replace Server based FreeBSD Router

  • N

    Many thanks to the PFSEnse Team for providing such a powerful and feature richl product!  8)

    Please see my attached network diagram to gain a general overview of the manner in which I aim to deploy a second PFSense cluster and the challenges we are facing.

    Currently we have one PFSense cluster serving as a router firewall solution allowing the corporate network to access the internet and traffic to be routed between the production and corporate net. So far, we have made two failed attempts to swap out the FreeBSD Firewall (192.168.1.2) which is currently performing NAT and packet filtering. It is configured to be a gateway on 192.168.1.2  but is only bound to several Ips on 192.168.1.0/24 and the public internet not 10.0.20.0/22. It does have a static route that points to the existing dual-homed PFSense cluster for traffic destined for 10.0.20.0/22.

    At the moment, all is well and has been for about a year.  :D

    What we are attempting to do is move the gateway IP 192.168.1.2  from this FreeBSD host to a shiny new PFSense cluster by HACOM. This HACOM unit was configured in the same manner as the existing router/firewall. However, after the switch things we experienced the following:

    1. Connectivity between hosts in the production network was okay for the most part with the exception of one or two hosts requiring a reboot.
    2. Connectivity between the two subnets would be fast one moment and completely gone the next.
    3. Connectivity between servers/workstations in the corporate network was spotty.

    I would love to know what is causing this as I am scheduled to make another attempt this weekend. Some questions:
    1. Is it necessary to power down all networking equipment when moving a gateway IP like this to new hardware with a different MAC?
    2. Is there a caveat regarding having multiple PFSense clusters on the same physical network but on different subnets?
    3. Is there some specific order in which I should make this change?

    Thanks in advance for your attention.


    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy