pfSense HA setup help

Good day everyone, I am an IT Administrator for a business and need some help getting a pfSense HA setup working. Now, I have used this guide. The system works great and I have no issues with pfSense. My issue comes from our ISP's equipment. Our ISP has a Cisco ASR 1001-1. They only have one interface for us to use, which means we can only plug in one pfSense box at a time. Does anyone know how we can have both connected and working together? Keep in mind we do run our own phone system that runs on the WAN VIP. Also, I apologize if I am not great at explaining or understanding; I am a college student and I am doing my best.

Thinking out loud here:
Can you add a switch between the Cisco and the 2 pfSenses? A switch which has the needed features for the phone system?

Try this; if it doesn't work, then only 1 IP is accepted through their Cisco, I guess.

Sure, you add another point of failure, but I can't see another way around it. You could maybe use an Ethernet cable splitter as well, but I dunno if phone features go through those small components.


I have tried a Cisco Linksys switch in between the router and the pfSense boxes; with that, it shuts off internet access and phones, and I haven’t checked to see if there was anything I can do to fix it. As for the IP address part, I think you may be on to something. We used to have a FortiGate 100D that you could have multiple IP addresses on the WAN with the same setup, but it came through one port. By chance, do you think that the router may only allow one MAC address through the port? This would explain why it can’t figure out what to do with two plugged into the switch. If this is the case, could spoofing the main pfSense box's MAC work?

I would call the provider for the Cisco box first.

If they say no, then there might be a way to copy the MAC from fw1 to fw2 when there is a failure.
Or, you might as well go the more primitive way:
1. Have fw1 plugged into the Cisco,
2. Have fw2 only plugged into the switch,
3. Have fw1 and fw2 syncing everything between them,
4. When there is a failure on fw1, have someone go to the equipment and have them unplug fw1 and plug fw2 into the Cisco.