OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: dragon2611 on October 21, 2017, 01:08:43 pm

Title: HA Sync and mismatched interfaces
Post by: dragon2611 on October 21, 2017, 01:08:43 pm
If you have an HA pair of firewalls but the interfaces don't match, the wrong rules will sync.

For instance, firewall1 terminates a GRE tunnel that isn't HA (and I can't be bothered to fix that as it's not critical), so the GRE interface is opt1 and the CARP interface is OPT2.

Firewall 2 doesn't have this interface so the CARP interface is OPT1, which means it gets the firewall policy for the GRE tunnel rather than the one for the CARP interface.

Would be good if there was some way to manually pair them, or parse the name/description rather than assuming both firewalls are identical.
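
A pre-sync check for the mismatch described in this post, added here as an example and not part of the original post or of OPNsense itself. It assumes each node's config.xml keeps interfaces as children of `<interfaces>` keyed by identifier (`lan`, `opt1`, ...) with a `<descr>`, and filter rules under `<filter><rule>` with an `<interface>` element; the two configs and their descriptions are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs, trimmed to the elements this check reads.
PRIMARY = """<opnsense>
  <interfaces>
    <lan><if>em1</if><descr>LAN</descr></lan>
    <opt1><if>gre0</if><descr>GRE</descr></opt1>
    <opt2><if>em2</if><descr>CARP</descr></opt2>
  </interfaces>
  <filter>
    <rule><interface>lan</interface><descr>LAN policy</descr></rule>
    <rule><interface>opt1</interface><descr>GRE tunnel policy</descr></rule>
    <rule><interface>opt2</interface><descr>CARP policy</descr></rule>
  </filter>
</opnsense>"""

SECONDARY = """<opnsense>
  <interfaces>
    <lan><if>em1</if><descr>LAN</descr></lan>
    <opt1><if>em2</if><descr>CARP</descr></opt1>
  </interfaces>
</opnsense>"""


def interface_map(config_xml):
    """Map each interface identifier (lan, opt1, ...) to its description."""
    interfaces = ET.fromstring(config_xml).find("interfaces")
    return {n.tag: (n.findtext("descr") or "").strip() for n in interfaces}


def misapplied_rules(primary_xml, secondary_xml):
    """List rules whose identifier names a different interface on the peer.

    Returns (rule, identifier, primary_descr, peer_descr) tuples;
    peer_descr is None when the peer has no such identifier.
    """
    primary, peer = interface_map(primary_xml), interface_map(secondary_xml)
    findings = []
    for rule in ET.fromstring(primary_xml).iter("rule"):
        # Assumption: a rule may list several identifiers separated by commas.
        for ident in (rule.findtext("interface") or "").split(","):
            ident = ident.strip()
            if ident and primary.get(ident) != peer.get(ident):
                findings.append((rule.findtext("descr"), ident,
                                 primary.get(ident), peer.get(ident)))
    return findings


if __name__ == "__main__":
    for finding in misapplied_rules(PRIMARY, SECONDARY):
        print("rule %r on %s: primary=%r peer=%r" % finding)
```

Any finding means a synced rule set would land on an interface other than the one it was written for, so the peer's policy should be reviewed before relying on it after a failover.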