CARP setup with transparent pfSense running for IPS
-
Hello,
Please advise on CARP feasibility for this setup (pfSense 2.2.6 64-bit) and possible scenarios.
Fail-over dual WAN is configured for LAN traffic.
Thanks for your support.
-
I'm thinking of doing it like this:
-
Hey, any suggestions?
-
Is everything in the first diagram already configured and working?
Why no CARP for ISP 2?
Otherwise looks pretty good to me.
-
Hey,
Yes, everything is working smoothly as shown in the first diagram.
For ISP 2, I'm not sure if I should assign CARP or not (also, there is a fail-over gateway group (WAN2 + WAN1) for LAN traffic).
Is it OK to proceed with CARP configuration on ISP 2? Please suggest :)
-
If I had the 3 public IP addresses for WAN2 I'd use CARP there.
-
Hey, thanks for the help.
I'm also confused about one point: if WAN2 goes down, will it trigger the gateway group rule or CARP fail-over to the other box?
Second: is it OK to connect Snort (IPS/IDS) between the firewall and ISP router, or inline with the DMZ switch and firewall?
-
Gateway failover groups and CARP are two completely different things.
In general, a CARP fail event means multicast packets did not make it from the master to the backup node on the local multicast domain. It generally means a local switching or router failure.
A gateway group failover means ICMP to a remote host failed, indicating that routing out that path is broken, has high latency, or whatever is set on that gateway. That causes a change in routing behavior and has nothing to do with CARP.
-
Thanks for the clarification.
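
The distinction drawn in the reply above (CARP reacts to lost multicast advertisements on the local segment, a gateway group reacts to failed ICMP probes to a remote host) can be modelled as two independent detectors. This is an added example, not part of the thread and not pfSense code; the function names, thresholds and timelines are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tick:
    """One sampling interval as seen on the WAN2 side (constructed model)."""
    carp_advert_seen: bool  # backup node received the master's multicast advert
    monitor_reply: bool     # ICMP reply came back from the gateway's remote monitor host

def carp_backup_takes_over(ticks, missed_limit=3):
    """Backup promotes itself after `missed_limit` consecutive missing adverts.
    The limit of 3 is an assumed simplification of the CARP master-down timer."""
    missed = 0
    for t in ticks:
        missed = 0 if t.carp_advert_seen else missed + 1
        if missed >= missed_limit:
            return True
    return False

def gateway_group_fails_over(ticks, window=10, loss_pct=20):
    """Gateway is marked down once ICMP loss over a sliding window reaches
    `loss_pct`. Window size and threshold are assumed values."""
    for end in range(window, len(ticks) + 1):
        lost = sum(not t.monitor_reply for t in ticks[end - window:end])
        if 100 * lost / window >= loss_pct:
            return True
    return False

def diagnose(ticks):
    """Evaluate both mechanisms separately; neither one feeds the other."""
    return {
        "carp_failover": carp_backup_takes_over(ticks),
        "gateway_group_failover": gateway_group_fails_over(ticks),
    }

# Constructed timelines (10 healthy intervals, then a fault).
HEALTHY = [Tick(True, True)] * 20
# ISP 2 upstream path breaks: local segment fine, remote monitor unreachable.
ISP2_UPSTREAM_OUTAGE = [Tick(True, True)] * 10 + [Tick(True, False)] * 10
# Local switching fault: adverts no longer reach the backup, routing still works.
LOCAL_SWITCH_FAILURE = [Tick(True, True)] * 10 + [Tick(False, True)] * 10

if __name__ == "__main__":
    for name, timeline in [("healthy", HEALTHY),
                           ("ISP 2 upstream outage", ISP2_UPSTREAM_OUTAGE),
                           ("local switch failure", LOCAL_SWITCH_FAILURE)]:
        print(name, diagnose(timeline))
```

In this model an ISP 2 upstream outage changes routing through the gateway group while the CARP master stays where it is, and a local switching fault does the reverse.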