On 2008-08-11, Bob Rohrman <[EMAIL PROTECTED]> wrote: > However, when I failover to the backup machine the tcp sessions for > workstations on the 192.168.10.0/24 network > get killed (not expected).
> A workstation behind these firewalls with the default gateway of > 192.168.10.5 (internal carp address) browses to > a website that requires authentication, logins in and browses pages. > > Then failover the master , then browse to the same pages, which redirects > to the login page. > > Is this expected behavior? Yes, very likely - one firewall NATs packets to have a source address 172.16.10.173, the other 172.16.10.172 > nat on $ext_if from !($ext_if) -> ($ext_if) I think you want to use your $carp_ext macro here, not $ext_if.
