In the past, I had CARP active with approx. 20-25 VLANs. As I had stability problems, I implemented the second firewall as a cold standby at some point and deactivated CARP.
Now I'm wondering what I did wrong a few years ago and am asking myself the following question:
If one of the VLAN changes the master status to slave, shouldn't all the other VLANs automatically change to slave as well, because otherwise I have a 'split brain problem'. This has never happened to me. It happened that one or more VLANs had the status slave, while the rest were still master.
What do you think?
Thank You!
Unless you activate "disable preemption" all interfaces should switch or none. So something was wrong, obviously.
You need the same device names on both firewalls and the assignments (LAN, OPT1, OPT2, ...) must be created in the exact same order on both. So e.g. vlan02 is OPT2 on both units etc.
Quote from: c-mu on February 25, 2025, 09:30:02 AMIt happened that one or more VLANs had the status slave, while the rest were still master.
this was the case for me if the VLAN was not created on the switch(es) where the two firewalls are connected to. because these switches drop frames with (to them) unknown vlan tags so the firewalls could not "see" each other (the carp multicast) on these VLANs so both became master