Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
Secondary FIrewall
« previous
next »
Print
Pages: [
1
]
Author
Topic: Secondary FIrewall (Read 4136 times)
dragon2611
Jr. Member
Posts: 94
Karma: 4
Secondary FIrewall
«
on:
October 19, 2017, 10:41:36 pm »
Does it cause any issues if the Primary firewall in a HA pair was physical and the secondary was a VM?
Nothing of much importance behind them, just doing Nat for my lab/playground/personal servers environment
Logged
franco
Administrator
Hero Member
Posts: 17482
Karma: 1589
Re: Secondary FIrewall
«
Reply #1 on:
October 20, 2017, 08:34:30 am »
Works fine. Just make sure the "smaller" firewall can handle the peak of your traffic in case it needs to take over.
Cheers,
Framco
Logged
xupetas
Jr. Member
Posts: 55
Karma: 5
Re: Secondary FIrewall
«
Reply #2 on:
October 20, 2017, 10:44:02 am »
Works beautifully. I recomend (and i think that the documentation recomends it too) that you have a dedicated interface for CARP.
Another recomendations include, using e1000 virtual cards on the interfaces that you will be using IDS with IPS active (suricata) because the virtio cards have an improper implementation / bug of netmap.
Finally (and i dont know if this a bug on the config or my very wierd configuration type) but on the CARP interfaces, you WILL HAVE TO set rules so the config sync mecanism and the CARP mecanism work.
Again i dont know if this should be done automaticly by opnsense, or if something is screwed on my config.
Logged
dragon2611
Jr. Member
Posts: 94
Karma: 4
Re: Secondary FIrewall
«
Reply #3 on:
October 21, 2017, 12:57:47 pm »
Do you have to install packages you want to config sync on the second firewall or is it smart enough to do that automatically if you try to config sync an optional package.
Logged
franco
Administrator
Hero Member
Posts: 17482
Karma: 1589
Re: Secondary FIrewall
«
Reply #4 on:
October 22, 2017, 11:58:24 am »
We don't want to rely on automatic package installation. There is still a ticket open to be able to register installed packages in the config.xml for such duties... at least to provide a reinstall button and/or a warning that not all plugins are properly installed.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
Secondary FIrewall