We have a HA-Pair Deciso-Appliance here where Zenarmor is currently being evaluated.
We use CARP VIP with unicast, but this issue also existed when multicast was used.
There are about 12 VLANs, and ZA is configured to protect only a few of them and at least one dedicated interface.
Every few days, and sometimes multiple times a day, the firewalls get into split-brain, or at least the master stops processing traffic for some endpoints. For example, 2 servers in a subnet can communicate normally while others in the same subnet cannot and are also not reachable by ping.
When we set Zenarmor to bypass, everything returns to normal. Has anyone had this issue already?
What do the logs say, OPNsense General and ZenArmor notifications?
Anything weird ongoing there?
Do you see something in the reports of Live sessions in ZA? Any block?
Regards,
S.
You can be sure that we will continue to update you through the ticket you created.