Hopefully the provider can just route the additional subnet to your existing WAN IP. Then you don’t need to do anything with CARP/HA except make sure primary and secondary are both set up to deal with the routed traffic.
> On Feb 27, 2015, at 9:59 AM, Steve Yates <[email protected]> wrote:
>
> After learning of the CARP failover/sync features, we intend to use a
> VM based firewall for our new private cloud, and have it sync to a failover
> that would also be a VM. If it all works, we would be able to move the VMs
> around our cluster as necessary, while they are in use. We figure we can set
> up our switch to put all incoming packets on a VLAN for only the firewall(s),
> have the servers on a different VLAN, and have pfSense route between them.
> Possibly with NAT; not sure yet.
>
> In the data center, if we end up needing more than the default block of
> IPs, there is a fee, so I was thinking about just getting another block
> when/if it was necessary. That gives up one more IP to the firewall, but it
> will take years for that to cost more than to start with a bigger block up
> front. Can we just add a second subnet? Does that simply show as a second
> WAN network? Would any common rules (say, blocking pings) need to be
> duplicated for each or could they apply to both?
>
> Thanks,
>
> Steve Yates
> ITS, Inc.
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
