• I've got a main pfSense fw and a backup.  All the virtual IPs status on FW1 are listed as Master.  All the VIPs on the backup firewall are listed as Backup, except for one.  The VIP for the storage network, on both firewalls are said to be Master.  Any suggestions?  Thanks in advance.

  • Since there is some indication that version number my be at play here; FW1 (master) is 2.1, FW2 (backup) is on 2.1.5.  Again, only on VIP is seeing both ends as Master.  All others are Master/Backup.

  • LAYER 8 Moderator

    You should bring both nodes to the same version, there were quite a few changes from 2.1 -> 2.1.5 belonging to CARP and VIP code.


  • I've seen this behavior under several circumstances:

    • when there is a carp misconfiguration; be very careful about the VHID, it must be unique for each virtual IP

    • when there is something filtering CARP traffic between the nodes

    • when there is leakage between the virtual IPs (eg: lan and dmz can see each other on layer 2).