Netgate Discussion Forum

CARP SETUP with Transparent pfsense running for IPS

    vallum
    last edited by Mar 22, 2016, 9:38 AM (posted Mar 22, 2016, 9:34 AM)

    Hello,

    Please suggest CARP feasibility for this setup (pfSense 2.2.6 64 bit) and possible scenarios.

    Failover dual WAN is configured for LAN traffic.

    Thanks for your support.

    Manu

      vallum
      last edited by Mar 23, 2016, 5:19 AM

      I'm thinking of doing it like this:

      Manu

        vallum
        last edited by May 5, 2016, 3:09 AM

        Hey, any suggestions?

        Manu

          Derelict LAYER 8 Netgate
          last edited by May 5, 2016, 5:18 AM

          Is everything in the first diagram already configured and working?

          Why no CARP for ISP 2?

          Otherwise looks pretty good to me.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            vallum
            last edited by May 11, 2016, 3:04 AM

            @Derelict:

            Is everything in the first diagram already configured and working?

            Why no CARP for ISP 2?

            Otherwise looks pretty good to me.

            Hey,

            Yes, everything is working smoothly as shown in the first diagram.

            For ISP 2 I'm not sure if I should assign CARP or not (also there is a failover gateway group (WAN2+WAN1) for LAN traffic).
            Is it OK to proceed with configuring CARP on ISP 2? Please suggest :)

            Manu

              Derelict LAYER 8 Netgate
              last edited by May 11, 2016, 3:21 AM

              If I had the 3 public IP addresses for WAN2 I'd use CARP there.


                vallum
                last edited by May 12, 2016, 8:57 AM

                @Derelict:

                If I had the 3 public IP addresses for WAN2 I'd use CARP there.

                Hey, thanks for the help.

                I'm also confused about one point: if WAN2 goes down, will it trigger the gateway group rule or a CARP failover to the other box?

                2nd: Is it OK to connect Snort (IPS/IDS) between the firewall and the ISP router, or inline with the DMZ switch and the firewall?

                Manu

                  Derelict LAYER 8 Netgate
                  last edited by May 14, 2016, 1:02 AM

                  Gateway failover groups and CARP are two completely different things.

                  In general, a CARP fail event means multicast packets did not make it from the master to the backup node on the local multicast domain. It generally means a local switching or router failure.

                  A gateway group failover means ICMP to a remote host failed, indicating that routing out that path is broken, has high latency, or whatever is set on that gateway. That causes a change in routing behavior and has nothing to do with CARP.


                    vallum
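A small model of the distinction Derelict draws above, added here as an illustration and not taken from the thread or from pfSense's own code: gateway monitoring (ICMP to a remote host) decides which gateway the failover group routes through, while CARP only reacts to missing master advertisements on the local segment. The timer and threshold values are constructed assumptions, not the poster's settings.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed assumptions, not pfSense's own values or code.
CARP_ADVBASE = 1.0       # seconds between master advertisements
CARP_DEAD_MULT = 3       # backup takes over after this many missed intervals
LOSS_DOWN_PCT = 20.0     # gateway marked down above this packet loss
LATENCY_DOWN_MS = 500.0  # gateway marked down above this RTT

@dataclass
class CarpBackup:
    """Backup node watching for the master's multicast advertisements."""
    last_adv_seen: float = 0.0
    state: str = "BACKUP"

    def tick(self, now: float) -> str:
        # CARP only looks at advertisements on the local segment.
        if now - self.last_adv_seen > CARP_ADVBASE * CARP_DEAD_MULT:
            self.state = "MASTER"
        return self.state

@dataclass
class Gateway:
    name: str
    tier: int            # lower tier is preferred in the failover group
    loss_pct: float = 0.0
    rtt_ms: float = 0.0

    def is_down(self) -> bool:
        # Gateway monitoring pings a remote host; it never consults CARP.
        return self.loss_pct > LOSS_DOWN_PCT or self.rtt_ms > LATENCY_DOWN_MS

def active_gateway(group: List[Gateway]) -> Optional[str]:
    """Failover group: best tier whose monitor is still up, else None."""
    up = [g for g in group if not g.is_down()]
    return min(up, key=lambda g: g.tier).name if up else None

def wan2_down_scenario(now: float = 10.0) -> dict:
    """WAN2 loses upstream reachability; master's CARP traffic is fine."""
    wan1, wan2 = Gateway("WAN1", 2), Gateway("WAN2", 1, loss_pct=100.0)
    backup = CarpBackup(last_adv_seen=now - 0.5)   # master heard recently
    return {"route_via": active_gateway([wan2, wan1]), "carp": backup.tick(now)}

def carp_silence_scenario(now: float = 10.0) -> dict:
    """Master's advertisements stop (e.g. local switch fault); WAN2 is fine."""
    wan1, wan2 = Gateway("WAN1", 2), Gateway("WAN2", 1)
    backup = CarpBackup(last_adv_seen=now - 5.0)   # three intervals missed
    return {"route_via": active_gateway([wan2, wan1]), "carp": backup.tick(now)}
```

The first scenario answers the question in the post above it: a dead WAN2 moves LAN traffic to WAN1 through the gateway group while the backup node stays in BACKUP; only lost CARP advertisements promote it.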
                    last edited by May 16, 2016, 11:50 AM

                    Thanks for the clarification.

                    Manu

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.