Hello all,
I am moving a client from a dedicated environment into a multi-tenant cloud environment. My question is around deployment of OPNsense virtual firewalls. Do folks deploy a single firewall vm or a two firewall vms in a clustered approach? My thought on a single firewall vm is to build it completely and then make an image, so if the running firewall dies I can deploy a replacement quickly. Wondering if someone had to solve for this.
Thanks,
Steve
CARP usually doesnt work in cloud environments
Quote from: mimugmail on December 07, 2023, 10:41:50 PM
CARP usually doesnt work in cloud environments
I thought as much, so that means my options are very limited. I basically would build the vm, create an image from the build, and keep the image in my catalog to deploy quickly.
What cloud provider?
Most of them support IPSEC VPNs. You really don't need a virtual device in the cloud unless you need something like Meraki that is a propitiatory connection.
Quote from: cliffwilliams44 on December 08, 2023, 05:23:26 PM
What cloud provider?
Most of them support IPSEC VPNs. You really don't need a virtual device in the cloud unless you need something like Meraki that is a propitiatory connection.
It's a VMware multi-tenant cloud provider. They could provide firewalls as a service but I prefer spinning up a vm and running OPNsense on it. OPNsense provides addtl functionality, that I would have to pay extra for.
Quote from: mimugmail on December 07, 2023, 10:41:50 PM
CARP usually doesnt work in cloud environments
It works as expected across a vSwitch at Hetzner.
Quote from: Patrick M. Hausen on December 08, 2023, 06:40:53 PM
Quote from: mimugmail on December 07, 2023, 10:41:50 PM
CARP usually doesnt work in cloud environments
It works as expected across a vSwitch at Hetzner.
My plan is for a 2 node OPNsense cluster in production and a 1 node firewall in DR.