OPNsense Forum

English Forums => High availability => Topic started by: davburns on November 16, 2022, 11:00:38 pm

Title: pfSync and Transparent Filtering for HA in a complex network
Post by: davburns on November 16, 2022, 11:00:38 pm

I am wondering if I can use two OPNsense firewalls in transparent mode, synchronized with pfSync.  I read the HA documentation and it seems to exclusively deal with CARP. 

I know I can do this with more expensive cisco, Juniper, or Palo Alto firewalls, but I'm hoping to spend less (money) for a solution that is free-er (as in speech.)

Title: Re: pfSync and Transparent Filtering for HA in a complex network
Post by: nzkiwi68 on November 20, 2022, 09:19:57 pm

Yes, this would be possible.

A transparent filtering bridge, then an HA interface with an IP subnet to sync two OPNsense HA pair of firewalls.

Title: Re: pfSync and Transparent Filtering for HA in a complex network
Post by: Supermule on November 20, 2022, 10:04:29 pm

Do you have a link to any kind of network diagram or guide?

Title: Re: pfSync and Transparent Filtering for HA in a complex network
Post by: nzkiwi68 on November 22, 2022, 01:26:59 am

https://docs.opnsense.org/manual/how-tos/transparent_bridge.html (https://docs.opnsense.org/manual/how-tos/transparent_bridge.html)

Then, just setup your HA interface on opt2 or opt3 interface or whatever for sync between the firewalls.