Text only | Text with Images

OPNsense Forum

English Forums => High availability => Topic started by: spetrillo on April 13, 2023, 05:36:27 PM

Title: High Availability with Two OPNsense Virtual Firewalls
Post by: spetrillo on April 13, 2023, 05:36:27 PM
Hello all,

Is there a good document that details the steps to make two OPNsense vms highly available?

Thanks,
Steve
Title: Re: High Availability with Two OPNsense Virtual Firewalls
Post by: Patrick M. Hausen on April 13, 2023, 06:05:46 PM
It's the same as with dedicated hardware firewalls. Make sure the virtual network interfaces are created in exactly the same order, then follow the documentation.
Title: Re: High Availability with Two OPNsense Virtual Firewalls
Post by: bimbar on May 08, 2023, 03:52:55 PM
There are some issues with vmware, promiscuous mode and CARP.

For example: https://kb.vmware.com/s/article/2144849

https://docs.netgate.com/pfsense/en/latest/troubleshooting/high-availability-virtual.html#hypervisor-users-especially-vmware-esx-esxi
Title: Re: High Availability with Two OPNsense Virtual Firewalls
Post by: Patrick M. Hausen on May 08, 2023, 04:01:44 PM
Wouldn't you run your two virtual firewalls on two different ESXi hosts? Doesn't make much sense on a single one, does it? That's probably why I never experienced this problem. I have been running virtual firewalls in HA configurations for years.
Title: Re: High Availability with Two OPNsense Virtual Firewalls
Post by: bimbar on May 10, 2023, 02:05:47 PM
This can also happen if you have only one firewall on an ESXi, at least that's what happened to my setup with one virtual and one in hardware.
Text only | Text with Images