Topic: Secondary Firewall

dragon2611

« on: October 19, 2017, 10:41:36 pm »
Does it cause any issues if the Primary firewall in a HA pair was physical and the secondary was a VM?

Nothing of much importance behind them, just doing NAT for my lab/playground/personal servers environment.

franco

« Reply #1 on: October 20, 2017, 08:34:30 am »
Works fine. Just make sure the "smaller" firewall can handle the peak of your traffic in case it needs to take over.


Cheers,
Franco

xupetas

« Reply #2 on: October 20, 2017, 10:44:02 am »
Works beautifully. I recommend (and I think that the documentation recommends it too) that you have a dedicated interface for CARP.
Other recommendations include using e1000 virtual cards on the interfaces where you will be using IDS with IPS active (Suricata), because the virtio cards have an improper implementation / bug of netmap.
Finally (and I don't know if this is a bug in the config or my very weird configuration type), on the CARP interfaces you WILL HAVE TO set rules so the config sync mechanism and the CARP mechanism work.
Again, I don't know if this should be done automatically by OPNsense, or if something is screwed up in my config.

dragon2611

« Reply #3 on: October 21, 2017, 12:57:47 pm »
Do you have to install packages you want to config sync on the second firewall, or is it smart enough to do that automatically if you try to config sync an optional package?

franco

« Reply #4 on: October 22, 2017, 11:58:24 am »
We don't want to rely on automatic package installation. There is still a ticket open to be able to register installed packages in the config.xml for such duties... at least to provide a reinstall button and/or a warning that not all plugins are properly installed.


Cheers,
Franco