Chris Buechler wrote: > On Fri, Aug 28, 2009 at 6:47 AM, luismi<[email protected]> wrote: >> After a failover, ipsec will negotiate everything again no? >> >
yes, and you do get a short drop-out but it is useable; we have two sites each with master/slave pfSense using CARP clustering and ipsec between, and it works well TYVM, pfSense is sufficiently stable and reliable we rarely ever need to reboot them anyway so the secondary firewalls are idle 99.9% of the time. we also have a couple of openvpn tunnels from the remote site to a different local firewall as a fall-back just in case. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
