Questions about PF + Multiple gateways + CARP on a public ip network

kevin k at kevinkevin.com
Wed Feb 16 20:59:29 UTC 2011


>If you only have one gateway, then you have nothing to worry about for
>this part.

They provide a gateway address for each subnet they allocate to me -- which
probably is assigned to the same device for them, but I would need to
establish these rules in my FreeBSD firewall, correct?


>If you expect a lot of traffic, I recommend you do NOT use pfsync to
>synchronize existing sessions on the backup firewall.

Why not? Is this a generally accepted practice not to use pfsync because of
this? How much traffic is too much? The firewalls should average about 5,000
- 10,000 states on any given day, afaik.

I'm more worried about failover than I am about states being kept, but it
would be nice to utilize pfsync if it wouldn't be too risky.



Thanks,

Kevin
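An added illustration of the two configuration pieces the thread is about (per-subnet gateway rules in pf, and CARP plus pfsync on the FreeBSD pair); this is example configuration written for this page, not Kevin's config or anything from the freebsd-pf list. The interface names (em0/em1/em2), the RFC 5737 documentation addresses, the VHIDs and the password are all placeholders, and the topology is assumed: the outside interface em0 holds an address in each provider subnet, the provider's gateway for each subnet sits on that segment, forwarded traffic from subnet B enters on em1, and em2 is a dedicated back-to-back link between the two firewalls. The rc.conf lines use the FreeBSD 10+ CARP syntax (address-level `vhid`); on the 8.x releases current when this thread was written, CARP was a cloned `carp0` interface instead.

```conf
# ---- /etc/rc.conf (constructed example; FreeBSD 10+ CARP syntax) ----
pf_enable="YES"
pfsync_enable="YES"
pfsync_syncdev="em2"                 # state sync only over the private crossover link

ifconfig_em0="inet 203.0.113.2/24"                # this node's own address, subnet A
ifconfig_em0_alias0="inet 198.51.100.2/24"        # this node's own address, subnet B
# Shared outside addresses: advskew 0 on the master, e.g. advskew 100 on the backup
ifconfig_em0_alias1="inet vhid 1 advskew 0 pass CHANGEME alias 203.0.113.3/32"
ifconfig_em0_alias2="inet vhid 2 advskew 0 pass CHANGEME alias 198.51.100.3/32"
ifconfig_em1="inet 192.0.2.2/24"                  # inside address (placeholder subnet)
ifconfig_em1_alias0="inet vhid 3 advskew 0 pass CHANGEME alias 192.0.2.1/32"
ifconfig_em2="inet 10.255.255.1/30"               # pfsync link, private, no other hosts
defaultrouter="203.0.113.1"                       # the kernel gets exactly one default route

# ---- /etc/sysctl.conf ----
# Let a node that regains master state on one VHID take over all of them,
# so outside and inside VIPs always fail over together.
net.inet.carp.preempt=1

# ---- /etc/pf.conf (constructed example) ----
ext_if  = "em0"
int_if  = "em1"
sync_if = "em2"
gw_a    = "203.0.113.1"              # provider gateway for subnet A (default route)
gw_b    = "198.51.100.1"             # provider gateway for subnet B
net_b   = "198.51.100.0/24"
table <local_nets> const { 203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24 }

set skip on lo0
set skip on $sync_if                 # pfsync is unauthenticated: safe only on a dedicated link

# CARP advertisements must pass on every segment that carries a VHID
pass quick on { $ext_if $int_if } proto carp

# Multiple gateways: only subnet A uses the kernel default route, so subnet B
# needs policy routing in pf.  Answers to connections that arrived for a
# subnet B address are sent back through gw_b instead of the default route...
pass in on $ext_if reply-to ($ext_if $gw_b) to $net_b
# ...and forwarded traffic sourced from subnet B leaves through gw_b as well.
pass in on $int_if route-to ($ext_if $gw_b) from $net_b to ! <local_nets>

# Subnet A traffic just follows the default route; ordinary rules apply.
pass in on $ext_if to 203.0.113.0/24
pass in on $int_if from 203.0.113.0/24
```

The reply-to/route-to pair is what turns "one gateway per allocated subnet" into firewall rules: without it, every reply would leave via the single default route toward gw_a regardless of which subnet the connection belongs to. The `set skip on $sync_if` line is the security-relevant caveat for pfsync: pfsync carries state updates with no authentication or encryption, so whatever can reach the sync segment can inject or withdraw firewall state, and the link must be a physically private cable (or at least a VLAN no other host can touch) rather than the production LAN. The sync traffic itself is proportional to the rate of state creation and teardown, not to the number of open states, which is the quantity to measure when deciding whether the link can carry it.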