Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is this setup reliable and fine ?

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 1 Posters 855 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sallain
      last edited by

      Hi All,

      I would like to know if a such setup is OK and right ?

      pfSense are running in a cluster/HA => failover is OK, BACKUP becomes MASTER if MASTER is dead.

      Both WAN I/F for each pfSense box are setup with the same WAN Gateway z.x.y.214/29
      ISP is providing a pool of 8 IPs in a /29 network from z.x.y.208 to z.x.y.215 : .214 is their Gateway, running as a HSRP config.

      SDLS router is the master by default, config is done to toggle to backup unit if the main SDLS ISP router comes down or Internet link drop down.

      The switch beetween pfSense boxes and ISP routers is a classic 8 ports 10/10/1000, no manageable.

      I have defined some Virtuals IPs at the both pfSense side :

      z.x.y.209/24
      z.x.y.210/24
      z.x.y.211/24
      z.x.y.212/24

      Each WAN pfSense I/F is setup like this : z.x.y.213/24

      Do I need to setup the SAME MACADRESS for each WAN defined at pfSense#1 and pfSense#2 ???
      Do I need to also setup the SAME MACADRESS for each Virtuals IP ?

      Is a such config OK or not ?

      The main deal is that to have enough security : if one of the ISP router is not working, the second one switch as the master.

      I was on production today, I've seen the MASTER pfSense unit losing (OFF) the ISP Gateway while the BACKUP pfSense unit had the ISP Gateway ON !!! I removed the monitoring for both ones.

      Many tanks for giving your opinion please :)

      PFSENSE_HA_Dual_Router.jpg
      PFSENSE_HA_Dual_Router.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • S
        sallain
        last edited by

        I think that using CARP + Virtual IP will help me :-)

        My_CARP_and_VIPs.png
        My_CARP_and_VIPs.png_thumb

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.