- /
- /
- /
Determine IP Address Assignments
The first task is to plan IP address assignments. A good strategy is to use the lowest usable IP address in the subnet as the CARP VIP, the next subsequent IP address as the primary firewall interface IP address, and the next IP address as the secondary firewall interface IP address. This design is optional, any scheme may be used, but we strongly recommend a consistent and logical scheme to make design and administration simpler.
WAN Addressing
The WAN addresses will be selected from those assigned by the ISP. For the example in Table 1 , the WAN of the HA pair is 198.51.100.0/24, and the addresses 198.51.100.200 through 198.51.100.202 will be used as the WAN IP addresses.
Table 1: WAN IP Address Assignments
| IP Address | Usage |
| 198.51.100.200/24 | CARP shared IP address |
| 198.51.100.201/24 | Primary node WAN IP address |
| 198.51.100.202/24 | Secondary node WAN IP address |
LAN Addressing
The LAN subnet is 192.168.1.0/24. For this example, the LAN IP addresses will be assigned as shown in Table 2.
Table 2: LAN IP Address Assignments
| IP Address | Usage |
| 192.168.1.1/24 | CARP shared IP address |
| 192.168.1.2/24 | Primary node LAN IP address |
| 192.168.1.3/24 | Secondary node LAN IP address |
Sync Interface Addressing
There is no shared CARP VIP on this interface because there is no need for one. These IP addresses are used only for communication between the firewalls. For this example, 172.16.1.0/24 is used as the Sync subnet. Only two IP addresses will be used, but a /24 is used to be consistent with the other internal interface (LAN). For the last octet of the IP addresses, use the same last octet as that firewall’s LAN IP address for consistency.
Table 3: Sync IP Address Assignments
| IP Address | Usage |
| 172.16.1.2/24 | Primary node Sync IP address |
| 172.16.1.3/24 | Secondary node Sync IP address |