Hello,
Just started with pfSense about a month ago; so far all is great, with one exception. First, an explanation of the environment:
Two feeds from the Internet provider in the data center, set up with spanning tree into two ports on a single switch.
Two pfSense boxes with 4 NIC ports each: WAN, DMZ, LAN, pfsync. WAN port of both connected to the above switch.
Single switch with two VLANs, DMZ and LAN.
Third pfSense box with its WAN port on the LAN VLAN of the previously mentioned switch.
LAN of the 3rd pfSense connected to the switch for the DB servers.
I have a public virtual IP that is used to load balance between two servers in the DMZ and a private virtual IP to load balance between two servers in the LAN. This setup is working wonderfully but, as you can already see, this is not optimal for a fail-over situation.

What I am thinking for a revised layout is:
Same two feeds from the ISP, one to the WAN NIC on the primary, the other to the WAN NIC on the secondary pfSense. DMZ and LAN NICs on the primary to the appropriate VLANs on the primary switch, same on the secondary to the secondary switch. Cable from each switch to a NIC on each server in the appropriate networks (DMZ/LAN).

My Questions:
I believe that the virtual IP setup will handle failures of the ISP link/switch ports/WAN NIC on the pfSense boxes. What I am not sure about is how this will affect the spanning tree that the ISP is using, and also how to have the primary pfSense box monitor all of its internal ports for any failure and kill the WAN port, causing the secondary to take over, should the primary not be able to get to any server in any of the internal networks?

Thanks for any suggestions, RTFM with link to proper document, ...
JohnM
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list