OPNsense Forum
English Forums => High availability => Topic started by: terrrorr on February 16, 2021, 02:36:48 am
-
Dear OPNSense Development team
I am not sure how that conversation has gone, but it sounds quite odd decision to remove automated synchronization options from your product. Maybe there are some real issues you were not able to fix it, but taking huge steps backwards
That said, my long time partner made decision to find other firewall product because they came in conclusion that using your support is pointless. Conversations were fruitless and therefore they felt that they were left alone with the "problem".
I personally find it odd that typical solutions which has been used for quite some time is suddenly is so bad that it cannot be fixed... or you do not have any means to find replacement which would support your needs. Was it actually so bad and broke your system that you had to remove it fully? Making these kind of decisions not only affect to you and your money but also your reputation. I hope others does not see your situation as dire as my partner.
You should understand that corporates does not buy products or support because it costs something They pay money because they want to have good service which fits to their business case... unfortunately your decision drove paying customer to find alternative solution. Yes, that is life, but as a old network engineer, I just cannot recommend your products.
From your business case point of view, I hope you will find proper solution at some day... hopefully sooner than later. In a meanwhile, I will leave you alone and hope that later, when I come back to check how things has progressed, I will find your product suitable for my customers
Happy developing
-
Every customer I tell, that when you lock out yourself from FW1 via a stupid firewall rule wont kick you out of FW2 since config is synced manually totally understands and supports this design.
-
Hi mimugmail,
So, from your point of view its better that I forgot to apply rules on secondary firewall and once my primary firewall fails, suddenly I have service related issue which comes as a surprise. Do you think anyone would suspect that firewall blocks that traffic and do not insists that you have issues on your servers? IT will lose time and business loses money, its that simple
If you have heard Commit Confirmation functionalities, which some firewall vendors does, that would prevent you to lock your self out.
I am not sure how your though process applies in situation if you are using dynamic routing protocols? Even you lock yourself out, most likely your master is still master
-
Hm, I don't get the problem. Just sync the config after every bigger change ... it's just a line in your change request process checklist.
You can also add a new action with rc.filter_synchronize as command and then do the sync regulary via cron
-
Is Sync from Master to Backup going away?
-
Is Sync from Master to Backup going away?
No, its just a manual process
-
Only for you ;)
https://www.reddit.com/r/OPNsenseFirewall/comments/lto37l/new_community_plugin_ha_config_sync_and_reload/
-
next time I recommend to open an issue/feature request for that..
https://github.com/opnsense/core/issues/4604
-
Yes all tickets welcome!
Cheers,
Franco