I have a site in Jacksonville, FL. We have two Watchguard Firebox X700s, with upgraded RAM and a pfSense embedded deployment.
Since installation we have had WEIRD problems with the VPN. We THOUGHT it was the VPN. However, weeks of work revealed an apparent switch problem. Basically, what we've determined is happening is that our HP 2524 is getting confused and moving the internal CARP address over to the second firewall.

Our firewalls are designated "JAX1" and "JAX2". Our switch is "JAX". The config is like this:

10.5.1.1  -- CARP0, Default Gateway
10.5.1.2  -- JAX1
10.5.1.3  -- JAX2
10.5.1.10 -- HPSW

When we start up, we get this (from the switch CLI):

JAX LAN# show arp
 IP ARP table

  IP Address      MAC Address       Type    Port
  --------------- ----------------- ------- ----
  10.5.1.1        00005e-000102     dynamic
  10.5.1.2        00907f-321b15     dynamic 18
  10.5.1.52       002682-2dadc0     dynamic 3

When the tunnel goes down, we get this:

JAX LAN# show arp
 IP ARP table

  IP Address      MAC Address       Type    Port
  --------------- ----------------- ------- ----
  10.5.1.1        00005e-000102     dynamic 24
  10.5.1.2        00907f-321b15     dynamic 18
  10.5.1.52       002682-2dadc0     dynamic 3

In this case, port 24 is JAX2. The switch never seems to pick up 10.5.1.3, which is JAX2, and only the tunnel/routing traffic becomes diverted.

Does anyone have any idea / practical advice? The only other idea which I have is to purchase a cheap-ass 5 port switch and interpose that to eliminate the HP needing to think at all.

I have Spanning Tree disabled, and no VLANs or other config adjustments. I just upgraded firmware to latest and I have no clue what is causing this.

Please help.

Sincerely,
Joshua

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org

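The two ARP snapshots in the post show the symptom exactly: the CARP virtual MAC (00005e-000102) is learned on port 24, the port of the BACKUP node, while the MASTER's real address 10.5.1.2 stays on port 18. The following is an added example, not code from the poster or from pfSense, that parses ProCurve-style "show arp" output and flags a CARP VIP whose learned port differs from the port of the node that should be MASTER, or that moved between two snapshots. It relies on one assumption stated in the code: CARP, like VRRP, builds its virtual MAC as 00:00:5e:00:01:<VHID>, so "00005e-000102" is VHID 2. The snapshots embedded below are constructed copies of the ones in the post; the mapping of VIP to intended MASTER (10.5.1.1 -> 10.5.1.2) is taken from the config list there.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: CARP uses the VRRP virtual MAC range 00:00:5e:00:01:<VHID>.
CARP_MAC_PREFIX = "00005e0001"

# Constructed sample input: the "show arp" output from the post, healthy and failed.
ARP_HEALTHY = """\
JAX LAN# show arp
 IP ARP table

  IP Address      MAC Address       Type    Port
  --------------- ----------------- ------- ----
  10.5.1.1        00005e-000102     dynamic
  10.5.1.2        00907f-321b15     dynamic 18
  10.5.1.52       002682-2dadc0     dynamic 3
"""

ARP_FAILED = """\
JAX LAN# show arp
 IP ARP table

  IP Address      MAC Address       Type    Port
  --------------- ----------------- ------- ----
  10.5.1.1        00005e-000102     dynamic 24
  10.5.1.2        00907f-321b15     dynamic 18
  10.5.1.52       002682-2dadc0     dynamic 3
"""


@dataclass(frozen=True)
class ArpEntry:
    ip: str
    mac: str            # normalised to 12 lowercase hex digits, no separators
    port: Optional[str] # None when the switch has not learned a port yet


# One table row: IP, ProCurve MAC "xxxxxx-xxxxxx", type, optional port.
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{6}-[0-9a-fA-F]{6})\s+(\w+)(?:\s+(\S+))?\s*$"
)


def parse_arp(text: str) -> Dict[str, ArpEntry]:
    """Parse ProCurve 'show arp' output into a dict keyed by IP address."""
    table: Dict[str, ArpEntry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # prompt, banner, header and separator lines
        ip, mac, _arp_type, port = m.groups()
        table[ip] = ArpEntry(ip=ip, mac=mac.replace("-", "").lower(), port=port)
    return table


def carp_vhid(mac: str) -> Optional[int]:
    """Return the VHID encoded in a CARP/VRRP virtual MAC, or None for a real NIC."""
    if mac.startswith(CARP_MAC_PREFIX) and len(mac) == 12:
        return int(mac[10:], 16)
    return None


def _port_name(port: Optional[str]) -> str:
    return port if port is not None else "not learned"


def find_vip_moves(before: Dict[str, ArpEntry], after: Dict[str, ArpEntry]) -> List[str]:
    """Report every CARP VIP whose learned switch port changed between two snapshots."""
    alerts: List[str] = []
    for ip, new in sorted(after.items()):
        vhid = carp_vhid(new.mac)
        if vhid is None:
            continue  # only virtual addresses are expected to fail over
        old = before.get(ip)
        old_port = old.port if old is not None else None
        if old_port != new.port:
            alerts.append(
                f"CARP VIP {ip} (VHID {vhid}) moved: port {_port_name(old_port)} -> port {_port_name(new.port)}"
            )
    return alerts


def check_vip_ports(table: Dict[str, ArpEntry], master_of: Dict[str, str]) -> List[str]:
    """master_of maps each VIP to the real IP of the node that should be MASTER.

    A VIP learned on a different port than its intended MASTER means the
    switch is forwarding VIP traffic to the wrong firewall.
    """
    alerts: List[str] = []
    for vip, master_ip in sorted(master_of.items()):
        vip_entry, master = table.get(vip), table.get(master_ip)
        if vip_entry is None or master is None or vip_entry.port is None:
            continue  # nothing learned yet, so nothing to judge
        if vip_entry.port != master.port:
            alerts.append(
                f"CARP VIP {vip} learned on port {vip_entry.port}, but MASTER {master_ip} is on port {master.port}"
            )
    return alerts


if __name__ == "__main__":
    healthy, failed = parse_arp(ARP_HEALTHY), parse_arp(ARP_FAILED)
    for alert in find_vip_moves(healthy, failed) + check_vip_ports(failed, {"10.5.1.1": "10.5.1.2"}):
        print(alert)
```

Run periodically against captured "show arp" output, this gives a timestamped record of when the VIP's MAC lands on the BACKUP's port, which can then be lined up against the tunnel drops and the CARP state transitions logged on each firewall to tell a switch-side learning problem apart from a genuine CARP failover.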