1
High availability / Certificates synchronization
« on: May 08, 2023, 03:12:00 pm »
Hi,
I'm running two firewalls in HA mode and sync from fw1 to fw2 works great. I also have OpenVPN server on both of them and when first fw goes down I use second one as OpenVPN server as VRRP address becomes primary there. That means that I need to have all the user certificates on a secondary server.
For Web interface I'm using ACME certificate and fw1.domain.com is different from fw2.domain.com.
If I enable synchronization of certificates - the sync process transfers all certificates, including fw1.domain.com and deletes the certificate for fw2.domain.com that I'm using on secondary firewall for web interface.
Is there an option to add "don't delete certificates on secondary server" setting on the synchronization configuration page?
Cheers, Jan Zorz
I'm running two firewalls in HA mode and sync from fw1 to fw2 works great. I also have OpenVPN server on both of them and when first fw goes down I use second one as OpenVPN server as VRRP address becomes primary there. That means that I need to have all the user certificates on a secondary server.
For Web interface I'm using ACME certificate and fw1.domain.com is different from fw2.domain.com.
If I enable synchronization of certificates - the sync process transfers all certificates, including fw1.domain.com and deletes the certificate for fw2.domain.com that I'm using on secondary firewall for web interface.
Is there an option to add "don't delete certificates on secondary server" setting on the synchronization configuration page?
Cheers, Jan Zorz