pfSense High Availability Solution

I am setting up a new Proxmox cluster for HA on my services. I want to be able to switch the host my pfSense router is running on so I can take one of the hosts down without losing internet. I was wondering what the best way to go about this would be. I know pfSense has an HA clustering solution, but I was thinking letting Proxmox handle the HA side might be easier. Does anyone have experience with either of these options? What would be the pros/cons of each option?

  • Doing HA in Proxmox will not cover you for some error in pfSense bringing the firewall down, whereas having two of them will cover you in some cases
  • Doing HA in pfSense will mostly preserve connection states in case of a failover, but depending on the amount of time it takes for the switching component to realize the VIPs have moved, you may still have some interruptions. Doing the switch in Proxmox will not require syncing the connection tables
  • Configuring HA in pfSense is non-trivial, especially if you have a complex VLAN setup
  • If it was for learning purposes I would do both, and decide with real data points