Master-Master Config

KoalaTNR

Hello,

we've 2 firewalls:

fw001
fw002

I want to setup 4 carp ip adresses… 2 internal an 2 external. I want to do the following config

carp0 - extern 1
capr1 - extern 2
carp2 - intern 1
carp3 - intern 2

I've disabled the sync of carp adresses. Then I've manually created on both firewalls the carp adresses.

fw001-->carp0--> adv Freq=0
fw002-->carp0--> adv Freq=100
fw001-->carp1--> adv Freq=100
fw002-->carp1--> adv Freq=0
fw001-->carp2--> adv Freq=0
fw002-->carp2--> adv Freq=100
fw001-->carp3--> adv Freq=100
fw002-->carp3--> adv Freq=0

see also http://www.countersiege.com/doc/pfsync-carp/#configuration figure "Something bigger" but only with 2 servers.

Each firewall show 2 master and 2 backup carp adresses. Is this config possible or I'll get problems with pfsense?

Greetings
Thomas

sullrich

Sorry, not supported.  We only do master / backup.

KoalaTNR

I've your answer expected ;D but:
In CARP-Documentation is written that's possible.

Is it not supported because it's not tested? Or is not working and I'll get problems? Is it technical (e.g. unsupported) possible to sync in both directions (fw001 <–> fw002).

I ask because I want share applications over two firewalls:

fw001: vpn, internet access,...
fw002: web hostings, dmz, ...

If one firewall goes down then the other firewall run all.

Is it planned in future to support master-master?