------- Original Message ------- On Friday, April 14th, 2023 at 10:50 AM, Markus Wernig <liste...@wernig.net> wrote:
Thank you Markus for your answer, as mentioned to Janne it was the switch the problem. For the sake of documenting I answered your questions below. > - Do the two fw actually have a link on their carp0 carpdev interfaces? Yes. > If both are master, both should be sending out CARP advertisements, so > I'd try to run tcpdump on both external interfaces and look for those: > tcpdump -n -e -i carp0 proto carp I did that yesterday and for both firewalls I could see the CARPv2 advertisements. > - Did you enable CARP preemption? Try setting these via sysctl: > net.inet.carp.preempt=1 > net.inet.carp.log=3 I have CARP preemption enabled but my carp log level is 2 and not 3. > - In your config one fw has carpdev em2, the other carpdev em0. Could be > OK, or could be an error. Well spotted but indeed it is correct, both firewalls have different hardware and the first interface on the first firewall is em2 whereas on the 2nd firewall it is em0.
