I have a HA pair of NetGate 8100s running in an HA configuration. I have PFBlocker installed on both. Sync via XMLRPC is configured and working as expected. When the DNSBL virtual IP address is configured as IP Alias, the client browsers display the expected PFBlocker block-page. The floating rules are in place and allow the IP Alias (accessed via localhost) to be pinged successfully. When I switch to CARP for the DNSBL type, the changes are reflected correctly on the slave unit but after the forced updates, I lose connectivity with the VIP (still accessed via localhost). The floating rules are still in place and PFBlocker is still working but instead of clients being sent to a block page, the browser is unable to connect to the VIP and we get a blank webpage with an error saying the site can’t be reached.
Any thoughts or insight on this are appreciated as I’m just scratching my head.