Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Master-Master Config

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    3 Posts 2 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      KoalaTNR
      last edited by

      Hello,

      we've 2 firewalls:

      fw001
      fw002

      I want to setup 4 carp ip adresses… 2 internal an 2 external. I want to do the following config

      carp0 - extern 1
      capr1 - extern 2
      carp2 - intern 1
      carp3 - intern 2

      I've disabled the sync of carp adresses. Then I've manually created on both firewalls the carp adresses.

      fw001-->carp0--> adv Freq=0
      fw002-->carp0--> adv Freq=100
      fw001-->carp1--> adv Freq=100
      fw002-->carp1--> adv Freq=0
      fw001-->carp2--> adv Freq=0
      fw002-->carp2--> adv Freq=100
      fw001-->carp3--> adv Freq=100
      fw002-->carp3--> adv Freq=0

      see also http://www.countersiege.com/doc/pfsync-carp/#configuration figure "Something bigger" but only with 2 servers.

      Each firewall show 2 master and 2 backup carp adresses. Is this config possible or I'll get problems with pfsense?

      Greetings
      Thomas

      1 Reply Last reply Reply Quote 0
      • S
        sullrich
        last edited by

        Sorry, not supported.  We only do master / backup.

        1 Reply Last reply Reply Quote 0
        • K
          KoalaTNR
          last edited by

          I've your answer expected ;D but:
          In CARP-Documentation is written that's possible.

          Is it not supported because it's not tested? Or is not working and I'll get problems? Is it technical (e.g. unsupported) possible to sync in both directions (fw001 <–> fw002).

          I ask because I want share applications over two firewalls:

          fw001: vpn, internet access,...
          fw002: web hostings, dmz, ...

          If one firewall goes down then the other firewall run all.

          Is it planned in future to support master-master?

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.