Hi Peter, Peter Hessler wrote, > if the addresses on the carp interface are out of sync, then the hashes > won't mash, and the firewalls *WILL* conflict with each other. > > I recommend one IP per carp interface. Far nicer in case you screw that > bit up, and much easier to balance IPs to one system or the other.
Thanks for the hints. The previous firewall is managed via fwbuilder, which does manage all the ip aliases for the wan interface for us. It seems fwbuilder has some support for carp, but I am not sure it will work with ip aliases. Thanks so far Waldemar