Just looking for some thoughts/opinions on pfSense HA where there is a 2nd subnet involved.
To be more clear, the current design is a /29 which is terminated on 2 facing Cisco routers (not HA), and then a /28 which is used internally for exposed devices.
The intent is to replace the Cisco devices with 2 pfSense devices in HA, so 3 IPs would be needed, completely understood there, but the /28, where do they sit? Do they just get assigned as virtual IPs and will they just float between the active HA device?
So far I haven’t been able to find any clear documentation on pfSense for this sort of use case.
I welcome anyone’s comments who may have touched a similar config.
I saw your video and, as usual, super good video.
Based on what your video shows, the 2nd subnet on the WAN should just be added all as CARP IPs then?
For example, using fake IPs of course:
10.10.10.0/29 WAN to ISP
so could be
10.10.10.1/29 ISP Gateway
10.10.10.2/29 PF - 1
10.10.10.3/29 PF - 2
10.10.10.4/29 PF - VIP/CARP
then
10.11.11.0/28
so
10.11.11.1/28 CARP
10.11.11.2/28 CARP
and so on.
Then just build your 1 to 1 NAT rules or whatever using the CARP IP rather than normal virtual IPs and they should float from one to the other as needed.