Redundancy - Best Practice

AtHomeWithpfSense · April 28, 2021, 9:56pm

Good afternoon all,

I have a question regarding “best practice” for my home network that I was hoping for some feedback on.

Is there any benefit to purchasing a Netgate SG-2100 with pfSense on it rather than buying a second Protectli 6 Port Vault and installing pfSense on it from a backup of my primary firewall?

BACKGOUND: I recently had to rebuild the firewall on my Vault after upgrading to version 2.5.0. I had three (3) backups of the vault with version 2.4.9 but they all failed when I tried to restore the system so I was thinking of buying an identical unit to have a redundant system available to prevent any downtime.

Any suggestions?

Thank you,

JT

neogrid · April 29, 2021, 9:05am

I’m a big fan of those Protectli 6 Port Vault boxes, though I could only afford a cheaper chinese knock off. While those Netgate devices do the job they just seem a bit expensive for what you get.

Why don’t you buy the identical box you already have then put it in a HA setup, you’ll probably only need an extra switch. Then you have redundancy and failover.

Yeah I don’t think you can do a restore to different version, though I haven’t tried it myself.

You need to keep a copy of the ISO along with your backups, if you haven’t then you won’t be able to download it from netgate once they release a new version.

LTS_Tom · April 29, 2021, 9:48am

If you want to use the same pfsense backup file having the same hardware is the way to go.

AtHomeWithpfSense · April 30, 2021, 8:02pm

Hi neogrid,

Thank you for your feedback. I recall messaging with you before when I setup my Vault after a failure several months ago.

I just found Toms’ video on this (pfsense HA / High Availability Setup and Testing Using CARP, XMLRPC & pfsync - YouTube). I’ll check it out tonight. If there are any others you’d recommend, I’d welcome the opportunity to view them or read more off-line.

Thank you very much!

JT

AtHomeWithpfSense · April 30, 2021, 8:06pm

Hi Tom,

Thank you. My system is running a lot better since we spoke last.

pfSense Vault - running well,
Unifi Cloud Key Gen2
Unifi 8 Port managed switch and mini flex switch
Unifi WAP
UPS to keep the pfSense box safe during power outages

Plan to replace current NVR with a Unifi system as the system ages.
NAS under consideration… need more research on building my home lab.

The homelab videos and podcasts have been great!

Stay well,

JT