What are Virtual IP Addresses?

From PFSenseDocs

A Virtual IP is any IP address usable by pfSense that is not an interface's main IP address. These come in several different forms, each of which have their own features. Virtual IPs are used to allow pfSense to properly forward traffic for things like NAT port forwards, Outbound NAT, and 1:1 NAT. They also enable features like failover, and can allow services on the pfSense router to bind to different IP addresses.

This page provides a basic overview of Virtual IPs. The most complete information on VIPs can be found in the pfSense book.

Contents 1 Virtual IP Address Types 1.1 CARP 1.2 Proxy ARP 1.3 Other 1.4 IP Alias

Virtual IP Address Types

From this forum post by hoba, with some additions.

CARP

• Can be used by the firewall itself to run services or be forwarded
• Generates Layer2 traffic for the VIP
• Can be used for clustering (master firewall and standby failover firewall)
• The VIP has to be in the same subnet as the real interface's IP
• Will respond to ICMP ping if allowed by firewall rules.

Proxy ARP

• Can not be used by the firewall itself but can be forwarded
• Generates Layer2 traffic for the VIP
• The VIP can be in a different subnet than the real interface's IP
• Will not respond to ICMP ping.

Other

• Can be used if the Provider routes your VIP to you anyway without needing Layer2 messages
• Can not be used by the firewall itself but can be forwarded
• The VIP can be in a different subnet than the real interfaces IP
• Will not respond to ICMP PING.

IP Alias

Available in version 2.0.

• Adds extra IP addresses to an interface.
• Can be used by the firewall itself to run services or be forwarded.