How to install pfSense Cluster using CARP

This guide is divided into 4 sections:

01 IP address configuration
02 Firewall rule
03 CARP settings
04 Virtual IPs

Keep in mind that this tutorial uses pfSense version 2.2.6.

01. IP address configuration

The master and the slave device should each be equipped with 3 network cards (WAN, LAN and synchronization).

pfSense master

Install 3 network cards with the appropriate IP configuration:

WAN : 192.168.91.149 / 24
LAN : 192.168.4.21 / 24
SYNC : 192.168.10.21 / 24

Configure the virtual IP addresses for WAN and LAN on the master only. These settings will be replicated to the slave (creating virtual IPs is discussed later, in section 04).

WAN virtual ip : 192.168.91.10 / 24
LAN virtual ip : 192.168.4.10 / 24

pfSense slave

Install 3 network cards with the appropriate IP configuration:

WAN : 192.168.91.150 / 24
LAN : 192.168.4.22 / 24
SYNC : 192.168.10.22 / 24

02. Firewall rule

Configure the firewall rule on both master and slave (same configuration for both devices).

Go to “Firewall” -> “Rules” and select the “sync” interface.

Configure the following settings and save:

interface : SYNC
protocol : any

03. CARP settings

pfSense slave

Go to “Firewall” -> “Virtual IPs” and click the CARP settings tab.

Tick synchronize status
Select interface “sync”

pfSense master

Go to “Firewall” -> “Virtual IPs” and click the CARP settings tab.

Tick synchronize status
Select interface “sync”

Then provide:

The sync IP address of the slave machine
The username and password of the slave machine

Don’t forget to tick the following boxes:

Synchronize Rules
Synchronize NAT
Synchronize Virtual IPs

04. Virtual IPs

As stated earlier in the guide, we have to create two virtual IPs, one for WAN and one for LAN.

Go to “Firewall” -> “Virtual IPs” and click the plus sign.

WAN virtual IP : 192.168.91.10 / 24

LAN virtual IP : 192.168.4.10 / 24

After creating the virtual IPs, both entries are listed on the Virtual IPs page.

Testing

After implementing the cluster, test it to make sure it keeps working in the event of a failover / disaster.
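
One way to run that test, as an added example that is not part of the original guide: probe a virtual IP while the master is taken out of service and report how long the address stopped answering. The function names are hypothetical, the ping flags assume Linux iputils, and the sample data is constructed.

```python
import subprocess
import sys
import time

LAN_VIP = "192.168.4.10"  # LAN virtual IP from section 01 of this guide

def probe(host, timeout_s=1):
    """Send one ICMP echo with the system ping (Linux iputils flags assumed)."""
    result = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout_s), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0

def outages(samples):
    """Turn [(timestamp, reachable), ...] into [(start, end, seconds), ...].

    An outage starts at the first failed probe and ends at the next
    successful one. An outage still open when the run ends is reported
    with end and seconds set to None (the slave never took over).
    """
    found, start = [], None
    for ts, ok in samples:
        if not ok and start is None:
            start = ts
        elif ok and start is not None:
            found.append((start, ts, round(ts - start, 3)))
            start = None
    if start is not None:
        found.append((start, None, None))
    return found

def watch(host, duration_s=120, interval_s=0.5):
    """Probe host for duration_s seconds and return the outages seen."""
    samples, deadline = [], time.time() + duration_s
    while time.time() < deadline:
        samples.append((time.time(), probe(host)))
        time.sleep(interval_s)
    return outages(samples)

# Constructed sample: one probe every 0.5 s, VIP silent from t=3.0 until t=5.0.
SAMPLE = [(t / 2, not (3.0 <= t / 2 < 5.0)) for t in range(16)]

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else LAN_VIP
    print("constructed sample:", outages(SAMPLE))
    print(host, watch(host))
```

Run it from a LAN client, take the master offline during the run, and repeat against 192.168.91.10 from the WAN side. An outage with no end time means the slave never answered for the virtual IP.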
