"carp" should also be included in discoveries alongside pfsync. carp functions like cisco/juniper/etc VRRP to enable real-time failover. With pfsync being a stateful firewall a lot of care needs to happen with failovers. carp + pfsync allow you to run multiple hot pfsync firewalls that have synchronized state and have near-instant failover without state-related hiccups.We use pf+pfsync+carp extensively over in FreeBSD.org as well. It's good stuff!
No comments yet.