Implementing a CARP failover group requires an additional investment in hardware. Namely, you must have access to the following hardware to complete this recipe, in addition to your primary firewall:
- A secondary firewall that is an exact copy of the first.
- A router for the WAN side of the network, one that will provide a way of connecting both the primary and secondary firewall to the ISP.
- A crossover cable, to provide a way of connecting the pfsync interfaces on the primary and secondary firewalls.