Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Is this setup reliable and fine ?

    General pfSense Questions
    1
    2
    487
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sallain last edited by

      Hi All,

      I would like to know if a such setup is OK and right ?

      pfSense are running in a cluster/HA => failover is OK, BACKUP becomes MASTER if MASTER is dead.

      Both WAN I/F for each pfSense box are setup with the same WAN Gateway z.x.y.214/29
      ISP is providing a pool of 8 IPs in a /29 network from z.x.y.208 to z.x.y.215 : .214 is their Gateway, running as a HSRP config.

      SDLS router is the master by default, config is done to toggle to backup unit if the main SDLS ISP router comes down or Internet link drop down.

      The switch beetween pfSense boxes and ISP routers is a classic 8 ports 10/10/1000, no manageable.

      I have defined some Virtuals IPs at the both pfSense side :

      z.x.y.209/24
      z.x.y.210/24
      z.x.y.211/24
      z.x.y.212/24

      Each WAN pfSense I/F is setup like this : z.x.y.213/24

      Do I need to setup the SAME MACADRESS for each WAN defined at pfSense#1 and pfSense#2 ???
      Do I need to also setup the SAME MACADRESS for each Virtuals IP ?

      Is a such config OK or not ?

      The main deal is that to have enough security : if one of the ISP router is not working, the second one switch as the master.

      I was on production today, I've seen the MASTER pfSense unit losing (OFF) the ISP Gateway while the BACKUP pfSense unit had the ISP Gateway ON !!! I removed the monitoring for both ones.

      Many tanks for giving your opinion please :)


      1 Reply Last reply Reply Quote 0
      • S
        sallain last edited by

        I think that using CARP + Virtual IP will help me :-)


        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy