I'll quickly summarize the steps you need to take:

1. Set up the primary firewall with a unique IP for WAN and LAN that you will not be using in the CARP failover group. Each firewall must have its own unique IP for both WAN and LAN.

2. Set up the secondary firewall with a unique IP for WAN and LAN that you will not be using in the CARP failover group. Each firewall must have its own unique IP for both WAN and LAN.

3. On the primary firewall, set up the virtual IPs that you wish to share on the CARP cluster.

4. Visit CARP Settings on the primary firewall and enable all options except load balancing. In the "Synchronize to IP" box insert the _UNIQUE_ LAN IP of the secondary firewall. This will basically force all the common settings to the backup automatically!

5. Visit CARP Settings on the secondary firewall and enable preemption _ONLY_.

6. Set up advanced outbound NAT on the primary firewall and make sure that you're directing all outbound traffic through one of your virtual IPs so that when a failover occurs, there are no states using either of the unique IPs.

That's about it. If you follow the above, it should work, granted I didn't overlook anything minor.

Scott

On 10/18/05, Alex Moura <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'll lecture a training scheduled for next week, where I plan
> to talk about pfSense, besides m0n0wall.
>
> I'd like to show them the failover feature, but it didn't work
> as expected, following the website's tutorial. I also did
> searches at the mailing list history and I haven't found any
> messages about problems or hints with this feature, which
> leads me to think that my configuration is missing something.
>
> About the configuration made:
>
> 1) Started with two factory reset pfSense 0.86.4 Generic PC firewalls.
>
> 2) Followed the animated tutorial for failover
>
> 3) Noticed that the tutorial misses the sync interfaces configuration,
> that should be done prior to the failover steps, so I did factory reset the
> firewalls and started over.
>
> 4) Noticed that the backup firewall carp interfaces screen isn't
> exactly the same as the tutorial shows: it's missing the icons and is
> blank where it should be showing
>
> 5) Confirmed:
> - That the WAN and LAN Virtual IPs were pinged from the LAN client
> - The client was able to navigate using the LAN Virtual IP as a gateway
> - That packets arrived at external sites with the WAN Virtual IP
> - When I shut down the Master firewall, both Virtual IPs also disappeared.
>
> There's a PDF to illustrate what happened, and a jpg with the lab scenario
> available at:
> http://alexsm.sites.uol.com.br/pfsense-carp-pfsync-lab.pdf
> http://alexsm.sites.uol.com.br/treinamento_bsd_fws.jpg
>
> I've just noticed that the pfSense-LiveCD-0.87.iso is available.
> I haven't tested it, but if my configuration isn't correct, I guess it
> doesn't matter the pfsense version, right? :-)
>
> Thank you in advance.
>
> Best regards,
>
> Alex
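
The six steps in the reply above can be checked against an address plan before touching either firewall. The following is an added example, not part of the original thread and not pfSense code; the plan layout, key names, option names and sample addresses are assumptions made for illustration.

```python
import ipaddress

def check_carp_plan(plan):
    """Return a list of problems in a two-node CARP failover plan."""
    ip = ipaddress.ip_address
    problems = []
    primary, secondary = plan["primary"], plan["secondary"]
    vips = {ip(v) for v in plan["virtual_ips"]}
    seen = {}
    # Steps 1-2: every firewall has its own WAN and LAN address, and none
    # of them is reused as a shared CARP virtual IP.
    for name, node in (("primary", primary), ("secondary", secondary)):
        for iface in ("wan", "lan"):
            addr = ip(node[iface])
            if addr in vips:
                problems.append(f"{name} {iface} {addr} is also a virtual IP")
            if addr in seen:
                problems.append(f"{name} {iface} {addr} duplicates {seen[addr]}")
            seen[addr] = f"{name} {iface}"
    # Step 4: primary enables everything except load balancing and
    # synchronizes to the secondary's unique LAN address.
    if "load_balancing" in primary["carp_options"]:
        problems.append("primary must not enable load balancing")
    if ip(primary["sync_to_ip"]) != ip(secondary["lan"]):
        problems.append("primary sync_to_ip is not the secondary's unique LAN IP")
    # Step 5: secondary enables preemption only.
    if set(secondary["carp_options"]) != {"preemption"}:
        problems.append("secondary must enable preemption only")
    # Step 6: outbound NAT translates to a virtual IP, so no state is tied
    # to a unique address that goes away with the failed firewall.
    for rule in plan["outbound_nat"]:
        target = ip(rule["translate_to"])
        if target not in vips:
            problems.append(
                f"outbound NAT for {rule['source']} uses {target}, not a virtual IP")
    return problems

# Constructed sample plan using documentation/private ranges (hypothetical).
SAMPLE = {
    "virtual_ips": ["198.51.100.1", "192.168.1.1"],
    "primary": {"wan": "198.51.100.2", "lan": "192.168.1.2",
                "sync_to_ip": "192.168.1.3",
                "carp_options": ["preemption", "sync_rules", "sync_nat"]},
    "secondary": {"wan": "198.51.100.3", "lan": "192.168.1.3",
                  "carp_options": ["preemption"]},
    "outbound_nat": [{"source": "192.168.1.0/24", "translate_to": "198.51.100.1"}],
}

if __name__ == "__main__":
    print(check_carp_plan(SAMPLE) or "plan is consistent with the six steps")
```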
