pfSense High availability mixed physical/virtual

Hi everyone!

I faced a problem a few weeks back that caused the cogs in my head to turn.

After I updated my SG-5100 to 2.4.5 I had an utter failure. The system crashed during the update and it wouldn’t successfully complete. I tried to do a recovery on it after the fact with a Netgate-provided ISO and I was able to get back into production, but it had various issues that I later discovered had to do with a problem with the onboard eMMC storage.

I’ve since reinstalled the OS on an M.2 drive and haven’t had any issues. Perhaps too much logging wore out the NAND (the firewall was purchased in November)? That being said, shit happens, especially to me. I thought spending a mint on Netgate hardware would mitigate enough of that risk to keep me in production without much of an issue, but clearly I was wrong.

I know that, generally speaking, when you do HA clusters, especially in pfSense, it is best practice to do them in identical pairs, but I have enough resources in my VMware host to potentially do an HA cluster, half physical with the SG-5100 and the other half in a VM. Is this something my friends here have ever messed around with doing?

Let me know what land mines lie ahead if you can :slight_smile:

We always recommend production HA systems be identical. It can work if they are not, but it’s important to match the network interfaces.

:rofl: Me too! As a result I have a second cheap Chinese box which I can easily swap in. Also considered virtualisation but I’m still faffing around with my Proxmox setup.