PfSense 2.3 Failover



  • Hi guys,
    Does someone know how to set up failover for two different WANs in pfSense 2.3?



  • For a single pfSense host with multiple WAN connections use 'Gateway Groups' and configure load balancing, failover and firewall rules to use the Gateway Groups.

    Using CARP is something new for me. I assume that the WAN connections have to be set to 'Static IP' and a WAN network segment (an ethernet switch) for at least three physical connections is required for each WAN. I am hoping that someone will confirm this as I have an installation currently using PPPoE to directly attached ADSL routers for all of the WAN interfaces that would benefit from moving up to a highly available system.

    I am guessing that it would be possible to have a CARP installation with two different WAN ISPs on each host, WAN1 only on the primary and WAN2 only on the secondary. The gateway group on the primary pfSense host would show that the WAN2 was permanently down in normal operation. When system failover is triggered the secondary/backup pfSense host takes over, WAN1 would be shown as permanently down. This might work for failover but WAN2 would be just a backup circuit and could not be used for load balancing or traffic priorities. I have not tried this myself so I have no idea if it would actually work in practice.



  • Can you tell me the steps?
    I have two WANs with static IP.



  • I recently set this up in 2.3. If you're using a single pfSense box, then vbentley's suggestion is correct for WAN failover:

    For a single pfSense host with multiple WAN connections use 'Gateway Groups' and configure load balancing, failover and firewall rules to use the Gateway Groups.

    If you're using dual pfSense boxes in a HA cluster, you will need three static IP addresses on the WAN, and 3 IP addresses on the LAN.

    Once you have your boxes built, configure a static IP address on each WAN interface.

    Then navigate to Firewall and select Virtual IPs.

    Add a new Virtual IP > select CARP as the type > select your WAN interface > give it a static IP address in the same subnet > create a password.

    Configure the same Virtual IP address with the same password on the secondary (backup) pfSense box.

    Both WAN uplinks should be connected via a switch.

    Do the same for your LAN connections, using a different physical switch or vlan.

    HTH
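The requirements listed in the post above (a static address on each box, a CARP virtual IP in the same subnet, the same password on both boxes, three addresses per interface), written as a pre-deployment check. This is an added example, not part of the thread or of pfSense; the function name, the dictionary layout and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress


def check_carp_plan(nodes, vip_address, vip_passwords):
    """Return a list of problems in a planned CARP setup for one interface.

    nodes:         {"primary": {"addressing": "static", "cidr": "a.b.c.d/nn"}, ...}
    vip_address:   the shared CARP virtual IP
    vip_passwords: {"primary": "...", "backup": "..."} as entered on each box
    (This layout is hypothetical; it is not the pfSense config format.)
    """
    problems, networks, addresses = [], {}, {}
    for name, node in nodes.items():
        # The thread's premise: each box needs its own static address.
        if node["addressing"] != "static":
            problems.append(f"{name}: interface uses {node['addressing']}, not static")
            continue
        iface = ipaddress.ip_interface(node["cidr"])
        networks[name], addresses[name] = iface.network, iface.ip

    vip = ipaddress.ip_address(vip_address)
    for name, net in networks.items():
        if vip not in net:
            problems.append(f"{name}: VIP {vip} is outside {net}")
    if len(set(networks.values())) > 1:
        problems.append("boxes are not in the same subnet")

    # Three addresses per interface: one per box plus the shared VIP.
    used = list(addresses.values()) + [vip]
    if len(set(used)) != len(used):
        problems.append("box addresses and VIP must all be different")
    if len(set(vip_passwords.values())) != 1:
        problems.append("CARP password differs between boxes")
    return problems


# Constructed sample input (RFC 5737 documentation addresses).
STATIC_NODES = {
    "primary": {"addressing": "static", "cidr": "198.51.100.2/29"},
    "backup": {"addressing": "static", "cidr": "198.51.100.3/29"},
}
DHCP_NODES = {
    "primary": {"addressing": "dhcp", "cidr": None},
    "backup": {"addressing": "static", "cidr": "198.51.100.3/29"},
}
SAME_PW = {"primary": "example-secret", "backup": "example-secret"}

if __name__ == "__main__":
    print(check_carp_plan(STATIC_NODES, "198.51.100.4", SAME_PW))  # no problems
    print(check_carp_plan(DHCP_NODES, "198.51.100.4", SAME_PW))    # DHCP flagged
```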



  • Thanks a lot for your reply… but...
    WAN1 and WAN2 take the WAN IPs from DHCP with a specific MAC address, because my server is an ESXi in a data center in Germany (I'm from Greece).
    The public IPs of WAN1 and WAN2 are familiar to me.
    So do I follow the same steps that you told me?



  • If you're not using static IP addresses for the WAN, I don't think CARP or HA failover is possible.

    vbentley's suggestion for WAN failover should still work, although I've never set it up:

    For a single pfSense host with multiple WAN connections use 'Gateway Groups' and configure load balancing, failover and firewall rules to use the Gateway Groups.

