On Mon, Jan 7, 2013 at 7:46 PM, WolfSec-Support <supp...@wolfsec.ch> wrote:
> any hint will be welcome

You want your pfSense boxes to be mostly identical, and symmetrically configured. That is, you want BOTH ISPs connected to both firewall boxes, and have them share the inbound gateway route via CARP as well. I.e., your providers route your network to the shared WAN IPs.

Then you set up your LAN like you plan to with CARP as well, and tell all computers to use the shared LAN IP as their gateway.

You configure pfSense to sync between the two boxes. Now all of your firewall rules and states will be synced to the "backup". Now, whenever one of the NICs (or systems) goes down, CARP will fail over to the other box and everything will go along as you like.

As for handling failover of your ISP, you use an outbound gateway that has both of your WAN addresses and direct all traffic to that gateway. The gateway will notice one ISP not responding, and send traffic to the other.

Basically you are just gluing layers of different functionality on top of each other. Start with redundant CARP configuration, and then add the failover outbound gateway on top of it.