Access to pfSense via VIP



  • I finished setting up CARP with two pfSense devices. It is functioning as I expected, but I cannot access the device via VIP.

    WAN Interface
    Master: xxx.xxx.xxx.121
    Backup: xxx.xxx.xxx.122
    VIP: xxx.xxx.xxx.120

    Weird thing is that I can access xxx.xxx.xxx.120 through LAN interface, but I cannot access through WAN interface. In other words, I have a laptop under the pfSense, and it allows me to login to pfSense via VIP. However, when I try from different network (home, 4G, public WiFi, etc…), it does not show any pages. There is no firewall between the ISP and pfSense.

    "What is my IP" on my laptop surely shows the VIP.

    May I have some advices to resolve it?

    Thank you very much.



  • Is it reachable via its primary interface IPs?
    Master: xxx.xxx.xxx.121
    Backup: xxx.xxx.xxx.122

    Are the WAN IPs in a private network and so blocked by default interface configuration?



  • Make sure your rule allowing external access has the destination of 'WAN net' or the VIP and not 'WAN address'.



  • xxx.xxx.xxx.121 and 122 were accessible. After I modified the firewall rule (WAN address to WAN net), it began to work! Thank you very much!