Training: High Availability

From MediawikiCIT
Revision as of 07:07, 23 April 2026 by Justinaquino (talk | contribs) (Created from Netgate pfSense training PDF)

Netgate pfSense Plus Fundamentals — Section 10: High Availability

Overview

High Availability (HA) in pfSense uses an active/passive pair of firewalls to provide hardware redundancy. This architecture offers:

  • Increased redundancy options
  • Less painful upgrades
  • Seamless failover capabilities

HA relies on three separate functions working together:

Function   Purpose
CARP       Provides redundant IP addresses (Virtual IPs) shared between HA members
pfSync     Synchronizes the state table between HA members for seamless failover
XMLRPC     Synchronizes configuration from the primary to the secondary firewalls

CARP (Common Address Redundancy Protocol)

  • Uses multicast for announcements
  • Every CARP VIP has a unique VHID (Virtual Host ID)
  • CARP VIP is shared between VHID members
  • VHID groups are password protected
  • At least 3 public IPs required per WAN (one per firewall plus the shared CARP VIP)
  • The WAN therefore needs at least a /29 subnet

pfSync

  • Syncs state table between the two HA members
  • Enables seamless failover during an outage
  • Can use multicast or unicast for updates
  • Updates are not authenticated
  • Should run on a dedicated interface (recommended)

XMLRPC (Configuration Sync)

  • Syncs configuration between HA members
  • Syncs from primary to secondaries
  • Only one firewall (the primary) needs to be configured
  • May not sync everything — packages are responsible for their own config sync

CARP Configuration Requirements

  • At least one CARP VIP on WAN
  • At least one CARP VIP on LAN
  • Manual Outbound NAT to CARP VIP
  • DHCP adjustments needed (use CARP VIP as default gateway)

Typical Topology

Single WAN

ISP1
  |
[ HA Pair ] — LAN

Multi-WAN

ISP1     ISP2
  |        |
[   HA Pair   ] — LAN

Common Failures

  • Dual master on CARP VIPs
  • Loss of active connections on failover
  • Loss of connectivity on failover

Section 10 Summary

  • Active/Passive pair
  • Needs at least a /29 of address space per WAN
  • Use a unique VHID for every CARP VIP
  • Use a separate private interface for pfSync data
  • Packages are responsible for their own config sync
  • Outbound NAT to CARP VIP
  • DHCP adjusted for CARP VIP as default gateway
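To check a pair's settings against the requirements in this section, here is an added example script (not from Netgate's training material and not pfSense's own code): it parses a constructed, simplified XML fragment whose element and attribute names are assumptions, not pfSense's real config.xml schema, and reports which HA requirements are unmet.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified HA config fragment (not pfSense's real config.xml schema).
SAMPLE_CONFIG = """
<config>
  <virtualip>
    <vip mode="carp" interface="wan" vhid="1" subnet="203.0.113.10" bits="29"/>
    <vip mode="carp" interface="lan" vhid="1" subnet="192.168.1.1" bits="24"/>
  </virtualip>
  <pfsync interface="lan"/>
  <outboundnat mode="manual" target="203.0.113.10"/>
  <dhcp interface="lan" gateway="192.168.1.2"/>
</config>
"""

def check_ha_config(xml_text):
    """Return a list of findings for HA requirements that are not met."""
    root = ET.fromstring(xml_text)
    findings = []
    vips = [v for v in root.iter("vip") if v.get("mode") == "carp"]
    # 1. Every CARP VIP needs a unique VHID (a reused VHID invites dual-master problems).
    vhids = [v.get("vhid") for v in vips]
    for vhid in sorted(set(vhids)):
        if vhids.count(vhid) > 1:
            findings.append(f"VHID {vhid} is reused by {vhids.count(vhid)} CARP VIPs")
    # 2. At least one CARP VIP on WAN and one on LAN.
    ifaces = {v.get("interface") for v in vips}
    for iface in ("wan", "lan"):
        if iface not in ifaces:
            findings.append(f"no CARP VIP on {iface}")
    # 3. WAN needs a /29 or larger: two firewall addresses plus the shared VIP.
    for v in vips:
        if v.get("interface") == "wan" and int(v.get("bits")) > 29:
            findings.append(f"WAN subnet /{v.get('bits')} is smaller than /29")
    # 4. pfSync updates are unauthenticated, so they belong on a dedicated interface.
    sync_if = root.find("pfsync").get("interface")
    if sync_if in ("wan", "lan"):
        findings.append(f"pfSync runs on shared interface {sync_if}")
    # 5. Outbound NAT must be manual and translate to a CARP VIP address.
    nat = root.find("outboundnat")
    vip_addrs = {v.get("subnet") for v in vips}
    if nat.get("mode") != "manual" or nat.get("target") not in vip_addrs:
        findings.append("outbound NAT does not use a CARP VIP")
    # 6. DHCP clients must receive the LAN CARP VIP as their default gateway.
    dhcp = root.find("dhcp")
    lan_vips = {v.get("subnet") for v in vips if v.get("interface") == dhcp.get("interface")}
    if dhcp.get("gateway") not in lan_vips:
        findings.append("DHCP gateway is not the LAN CARP VIP")
    return findings
```

Running it on the sample flags the reused VHID, pfSync sharing the LAN interface, and the DHCP gateway pointing at a firewall's own address instead of the CARP VIP.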

Source Attribution

  • Netgate pfSense Plus Fundamentals and Practical Application
  • © 2017–2021 Rubicon Communications, LLC (Netgate)
  • Source PDF: FUND001-LIVE-SLIDE-SEG10-HA.pdf