Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
High availability
»
Question about carp with 1 VIP
« previous
next »
Print
Pages: [
1
]
Author
Topic: Question about carp with 1 VIP (Read 1836 times)
epytir
Newbie
Posts: 2
Karma: 0
Question about carp with 1 VIP
«
on:
March 17, 2023, 12:01:39 pm »
Hello,
im new to opnsense and moving our firewall from sonicwall to opnsense.
I have a question.
I have configured HA with CARP like
1 WAN Address for both Firewalls + 1 VIP
1 MGM Address for both Firewalls + 1 VIP
PFSync Interface 1 IP for Firewall1 and 1 for Firewall2
like 20 VLAN Interfaces with ONLY 1 VIP no physical IP on the interfaces
I tested a HA last week and this was working totally fine and everything got successfully transfered to the backup FW.
In the docs I read now, that you normally have to have 3 IPs with every VLAN..
In my case this is not possible because we got a lot of small vlans with not enough ips for that. Because my HA was successful whats the negative point in only having WAN and MGM with 3 IPs and all other vlans only got 1 ?
Thanks for your help
Epytir
Logged
MajStealth
Newbie
Posts: 14
Karma: 1
Re: Question about carp with 1 VIP
«
Reply #1 on:
March 27, 2023, 11:03:05 am »
You would want to have an IP in said VLAN-range so that you could contact the FW´s in said VLAN-segment directly, individually.
of course one could open up the lan-ip/VIP from any other vlan, if your ruleset allows that.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
High availability
»
Question about carp with 1 VIP