I have two firewalls built with FreeBSD 10.1 which are working nicely. Upstream I have two internet links, one going into each firewall. An IP address is shared between the two firewalls using CARP. Internally, we have another address shared between the firewalls, and set as the default gateway for all devices behind.
So far, pretty simple. My question that isn't answered in the FreeBSD handbook is what to do with the vhid. If one of the external interfaces goes down I want everything to fail over to the secondary firewall. But that means the internal and external interfaces should fail over together. Should I be doing that by using a single vhid for all interfaces (does that bind them together to failover?), or by writing a script to detect the failover and then bring down the other interface? Thanks Ari -- --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[email protected]"
