17.7 Legacy Series / pfsync state table synchronization problem
« on: August 30, 2017, 10:37:12 am »
Hi,
I have 2 bridge firewalls with HA configured (no CARP). They sync both the state table and the configurations (fw rules, etc.), but when I reboot a fw they stop syncing the state table while they keep syncing the configurations.
They restart syncing the state table when I press the save button in the HA configuration page (System->High Availability->Settings) of the rebooted fw. The pfsync interface of the rebooted fw is not configured (syncpeer and syncdev not set) until I press the save button.
When the 2 firewalls are syncing the state table, I have the following on both firewalls:
Code:
# ifconfig pfsync0
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1500
        groups: pfsync
        pfsync: syncdev: em4 syncpeer: 224.0.0.240 maxupd: 128 defer: off
When I reboot a fw, on the rebooted fw I have:
Code:
# ifconfig pfsync0
pfsync0: flags=0<> metric 0 mtu 1500
        groups: pfsync
        syncpeer: 0.0.0.0 maxupd: 128 defer: off
Firewall A - configurations
Code:
<opt2>
  <if>em4</if>
  <descr>pfsync</descr>
  <enable>1</enable>
  <spoofmac/>
  <ipaddr>10.0.0.1</ipaddr>
  <subnet>24</subnet>
</opt2>
Code:
<hasync>
  <synchronizealiases>on</synchronizealiases>
  <synchronizerules>on</synchronizerules>
  <synchronizeusers>on</synchronizeusers>
  <synchronizesuricata>on</synchronizesuricata>
  <pfsyncpeerip/>
  <pfsyncinterface>opt2</pfsyncinterface>
  <synchronizetoip>10.0.0.2</synchronizetoip>
  <username>root</username>
  <password>********</password>
  <synchronizedhcpd>on</synchronizedhcpd>
  <synchronizenat>on</synchronizenat>
  <synchronizeschedules>on</synchronizeschedules>
  <synchronizestaticroutes>on</synchronizestaticroutes>
  <synchronizevirtualip>on</synchronizevirtualip>
  <synchronizednsforwarder>on</synchronizednsforwarder>
  <synchronizeipsec>on</synchronizeipsec>
  <synchronizeopenvpn>on</synchronizeopenvpn>
  <synchronizeshaper>on</synchronizeshaper>
  <synchronizecaptiveportal>on</synchronizecaptiveportal>
  <synchronizesquid>on</synchronizesquid>
  <synchronizednsresolver>on</synchronizednsresolver>
  <synchronizeauthservers>on</synchronizeauthservers>
  <pfsyncenabled>on</pfsyncenabled>
</hasync>
Firewall B - Configurations
Code:
<opt2>
  <if>em2</if>
  <descr>pfsync</descr>
  <enable>1</enable>
  <spoofmac/>
  <ipaddr>10.0.0.2</ipaddr>
  <subnet>24</subnet>
</opt2>
Code:
<hasync>
  <synchronizealiases>on</synchronizealiases>
  <synchronizerules>on</synchronizerules>
  <synchronizesuricata>on</synchronizesuricata>
  <pfsyncpeerip/>
  <pfsyncinterface>opt2</pfsyncinterface>
  <synchronizetoip/>
  <username/>
  <password/>
  <synchronizedhcpd>on</synchronizedhcpd>
  <synchronizenat>on</synchronizenat>
  <synchronizeschedules>on</synchronizeschedules>
  <synchronizestaticroutes>on</synchronizestaticroutes>
  <synchronizevirtualip>on</synchronizevirtualip>
  <synchronizednsforwarder>on</synchronizednsforwarder>
  <synchronizeipsec>on</synchronizeipsec>
  <synchronizeopenvpn>on</synchronizeopenvpn>
  <synchronizeshaper>on</synchronizeshaper>
  <synchronizecaptiveportal>on</synchronizecaptiveportal>
  <synchronizesquid>on</synchronizesquid>
  <synchronizednsresolver>on</synchronizednsresolver>
  <synchronizeauthservers>on</synchronizeauthservers>
  <synchronizecerts>on</synchronizecerts>
  <pfsyncenabled>on</pfsyncenabled>
</hasync>
Thanks.
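
A check for the post-reboot state shown above, as an added example that is not part of the original post: it parses `ifconfig pfsync0` output and reports when the interface is not UP or when syncdev/syncpeer are unset, so a firewall that has silently stopped state synchronization can be flagged. The function name `pfsync_check` is hypothetical; the sample inputs are the two outputs quoted in the post.

```sh
#!/bin/sh
# Added example (not from the original post): classify `ifconfig pfsync0`
# output. Live use on a firewall:  ifconfig pfsync0 | pfsync_check

# Reads ifconfig output on stdin, prints one status line,
# returns 0 when state sync is configured and 1 otherwise.
pfsync_check() {
    awk '
        # Interface flags sit between < and > on the first line.
        /flags=/ && match($0, /<[^>]*>/) {
            flags = substr($0, RSTART + 1, RLENGTH - 2)
        }
        # pfsync parameters are "key: value" pairs on a single line.
        /syncpeer:/ {
            for (i = 1; i < NF; i++) {
                if ($i == "syncdev:")  dev  = $(i + 1)
                if ($i == "syncpeer:") peer = $(i + 1)
            }
        }
        END {
            why = ""
            if (("," flags ",") !~ /,UP,/)       why = why "; interface not UP"
            if (dev == "")                        why = why "; syncdev not set"
            if (peer == "" || peer == "0.0.0.0")  why = why "; syncpeer not set"
            if (why != "") { print "DOWN: " substr(why, 3); exit 1 }
            print "OK: syncdev=" dev " syncpeer=" peer
        }
    '
}

# Sample inputs: the two outputs quoted in the post above.
SAMPLE_SYNCING='pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1500
groups: pfsync
pfsync: syncdev: em4 syncpeer: 224.0.0.240 maxupd: 128 defer: off'

SAMPLE_REBOOTED='pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync
syncpeer: 0.0.0.0 maxupd: 128 defer: off'

for sample in "$SAMPLE_SYNCING" "$SAMPLE_REBOOTED"; do
    printf '%s\n' "$sample" | pfsync_check || true
done
```

The non-zero exit status on a DOWN result lets the function be called from cron or a monitoring agent on each node.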