Netgate Discussion Forum

    [Solved] Secondary firewall will not go to Backup status after failover

    HA/CARP/VIPs
    • mcentirefj

      I have my 2 pfSense firewalls set up with a VIP for WAN and a VIP for LAN.

      In the CARP Status page, my primary has both LAN and WAN as Master and the secondary is Backup. Great!

      I test failover by killing the LAN interface. The secondary takes over as Master for LAN. Great!

      I bring back up the LAN interface on the primary, and it takes back over as Master. Great again!

      The secondary also says it's the Master... Not so great.

      The only way I can make the secondary go back to "Backup" is by disabling the LAN interface and enabling it again; then it happily returns to Backup.

      Any ideas on what could be causing this? I've tried searching the forums and Google and have failed to find anything that fixes the issue.

      Edit:

      Figured out my issue. The switchports that the LAN interfaces connected to had port security enabled and set to restrict. I could see in the switch logs that pfSense was triggering port security. Disabled port security on those ports, and now everything works fine!
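Added example, not part of the original post: a log check for the condition described in the edit above. CARP VIPs use the virtual MAC 00:00:5e:00:01:<VHID>, which moves between switchports on failover, so the script counts port-security violations caused by that MAC range per port. The Cisco IOS-style message format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# CARP uses the VRRP virtual MAC range 00:00:5e:00:01:<VHID>.
CARP_PREFIX = "00005e0001"

# Assumed log format (Cisco IOS style); adjust the pattern for your switch.
VIOLATION = re.compile(
    r"PSECURE_VIOLATION.*?MAC address ([0-9A-Fa-f.:\-]+) on port (\S+?)\.?$"
)

def normalize_mac(mac):
    """Strip separators so dotted, colon and dash notations compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def carp_violations(lines):
    """Return sorted (port, vhid, count) for violations caused by CARP MACs."""
    hits = {}
    for line in lines:
        m = VIOLATION.search(line.strip())
        if not m:
            continue
        mac = normalize_mac(m.group(1))
        if len(mac) == 12 and mac.startswith(CARP_PREFIX):
            key = (m.group(2), int(mac[10:], 16))  # last octet is the VHID
            hits[key] = hits.get(key, 0) + 1
    return sorted((port, vhid, n) for (port, vhid), n in hits.items())

# Constructed sample log lines, not taken from the original post.
SAMPLE_LOG = [
    "Mar  1 10:02:11: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
    "occurred, caused by MAC address 0000.5e00.0102 on port GigabitEthernet0/2.",
    "Mar  1 10:02:12: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
    "occurred, caused by MAC address 0000.5e00.0102 on port GigabitEthernet0/2.",
    "Mar  1 10:05:40: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
    "occurred, caused by MAC address 0000.5e00.0101 on port GigabitEthernet0/1.",
    "Mar  1 10:07:03: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
    "occurred, caused by MAC address 3c52.82aa.10f4 on port GigabitEthernet0/5.",
    "Mar  1 10:08:00: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, "
    "changed state to up",
]

if __name__ == "__main__":
    for port, vhid, count in carp_violations(SAMPLE_LOG):
        print(f"{port}: {count} violation(s) from CARP VHID {vhid}")
```

Ports reported here are the ones where port security is reacting to a CARP virtual MAC rather than to an unknown host.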
