General Discussion / Transparent Filtering Bridge + CARP/pfsync for HA?
« on: July 10, 2019, 03:26:16 pm »
I have been running pfSense 2.3.4 as a Transparent Filtering Bridge with my /24 range of public IPs for a number of years now. The hardware I was using died, so now it's time for an upgrade (and a move to OPNsense).
I am considering running 2 identical pieces of hardware, and I have read about CARP/pfsync for HA setups. All the documentation I find seems to refer to using different subnets in private ranges, which I do not have the option to do. All of the servers behind the firewall have static public IP addresses (no DHCP and no NAT), all in the same subnet. I have a separate backend network connected to each server using static private IPs with no internet access (no gateway, no router, no DHCP). I also had a 3rd interface set up in pfSense with a backend IP for management GUI access only.
Is it possible to run 2 Transparent Filtering Bridge setups in an HA (failover) configuration (via CARP/pfsync) in a single subnet?
Each machine would have a dedicated NIC for WAN, a NIC for LAN, a NIC for the private backend (management), and a NIC for pfsync (4 NICs per machine).
Is this feasible, and if so, is it a reliable setup? I don't want to spend any more time on it if it isn't.
Thanks