OPNsense Forum

English Forums => General Discussion => Topic started by: Hektor on January 24, 2016, 03:59:17 pm

Title: Hyper-V VM for fault tolerance with CARP and active/active firewall?
Post by: Hektor on January 24, 2016, 03:59:17 pm
Hello,

I wonder if it's supported to set up 2 OPNsense firewalls as two separate but identically configured virtual machines on Microsoft Hyper-V Server 2012 R2 with full CARP support?

I know that it's possible to set up an active/active firewall with CARP from some years ago when CARP was introduced to and by OpenBSD. I did that with "real" hardware though :-)

I need the following functionalities:
- NAT and basic firewall rules
- if available some content filtering especially for HTTP and SMTP/mail traffic
- perhaps some HTTP proxy/squid
- perhaps some guest network access
- perhaps some snort/IDS/amavisd
- perhaps some monitoring with darkstat/ntop or something similar

Since the current firewall is just a so-called "FRITZ!Box" (some very nice and stable Linux-based hardware router), everything above that is better :-)

If it's possible:
How could I install and configure the 2nd VM? Can I simply export the 1st Hyper-V VM with all settings, VHDX files etc. and set it up on another Hyper-V host? Changing hostname, IP addresses and setting up CARP, of course.

Has anybody done this before? Perhaps with pfSense?

Regards

Title: Re: Hyper-V VM for fault tolerance with CARP and active/active firewall?
Post by: weust on January 24, 2016, 09:30:07 pm
I'm not a big fan of exporting in this case.
I would create a new VM and export the basic settings.
But it should be possible I guess.

One recommendation would be to set static MAC addresses for the network adapters.