Topic: HA and CARP for the DMZ

sschaffert
HA and CARP for the DMZ
« on: March 08, 2018, 04:42:40 pm »
I am working on setting up High Availability using two pfSense firewalls on one WAN. I understand how to set up the WAN and LAN with fixed IPs and Virtual IPs. The question is this: I have well over 100 Virtual IPs on the WAN (I have a Class C block) that are 1:1 NATed to Internal IPs in the DMZ. I'm pretty sure I will need to set up fixed and virtual gateway IPs just like the WAN and LAN. How do I handle the Virtual IPs? Or do I even need to? Will they just work when everything is set up for CARP? I've read a lot of info about setting up HA and CARP, but the DMZ setup is not covered anywhere that I have found. Running 2.4.2-RELEASE-p1. Thank you in advance for either the help or pointing me to a link with the info I need.

dotdash
Re: HA and CARP for the DMZ
« Reply #1 on: March 08, 2018, 04:46:41 pm »
Think of the DMZ as another LAN segment. It will need a CARP VIP to float between the firewalls. The Public IPs you are using for 1-1 NAT will just be CARP VIPs off the WAN.