Setup:
ISP Router > OPNsense VIP (192.168.10.253)
FW01 = 192.168.10.1
FW02 = 192.168.10.2
The firewalls are virtualised and are in HA on the VIP of 192.168.10.253.
I've just spent ages trying to troubleshoot an issue whereby I could not access a test WordPress website that is behind my OPNsense firewalls in HA.
Initial thoughts were:
1. I hadn't set up a firewall rule or a NAT rule properly
2. Double NAT was interfering
I've now located and pinpointed the exact cause, which is the outbound NAT, which I have set to manual as per the documentation when using HA. As soon as I set it back to automatic, I am able to access my WordPress website remotely.
My outbound manual NAT rules consist of the following:
Rule 1:
Interface = WAN
Source = Any
Source Port = *
Destination = *
Destination Port = *
NAT address = WAN VIP
NAT Port = *
Static Port = No
Rule 2:
Interface = WAN
Source = Any
Source Port = *
Destination = *
Destination Port = 500
NAT address = WAN VIP
NAT Port = *
Static Port = Yes
I have attempted to set a manual rule which reflects the automatic rule which essentially sets the NAT address to 'WAN'. This however has now helped.
For the time being I have set the NAT back to automatic but this will not mean full HA.
Has anyone got any ideas on what I could have done wrong?
Thank you in advance.
bump