- Primary node
Firewall - Firtual IPs - Add Virtual IP (Type CARP) for Interface that is in same subnet as normal IP for the interface. Choose same subnet mask. Choose unique VHID. Set skew to 0 or 1.
- Both nodes
Setup dedicated HA interface with one IP per host in same subnet
- Both nodes
Firewall Rules Allowing HA to any
- Both nodes
System - High Avail. Sync - Check Sync States - Choose sync interface - Enter sync IP of opposing Peer
- Both nodes
Set same admin user password
- Primary node
System High Avail. Sync - Enter IP of secondary host in Synchronize Config to IP
- Primary node
System High Avail. Sync - Remote System Username: admin
- Primary node
System High Avail. Sync - Remote System Password: Same password as in step before
- Primary node
System High Avail. Sync - Check all desired Flags for sync
- Primary node
Firewall - NAT - Outbound - Select Manual Outbound NAT
- Primary node
Firewall - NAT - Outbound - Select CARP IP for IP Masquerading instead of interface IP
- Primary node
Services - DHCP - <<interface>> Default Gateway enter CARP IP
- Primary node
Services - DHCP - set DNS Server to CARP IP
- Primary node
Services - DHCP - Failover peer IP: enter IP of secondary node within that subnet.
- pfSense 2.4.4p3
- Install pfblocker developement package
- run pfblocker wizard
- pkg install flashrom
- flashrom -r backup-bios.rom -p internal (backup)
- flashrom -w apu4_v4.13.0.2.rom -p internal (install new one)
- reboot