Messages - angab

#1
Hi,
  I have 2 bridge firewalls with HA configured (no CARP). They sync both the state table and the configurations (fw rules, etc.), but when I reboot a fw they stop syncing the state table while they keep syncing the configurations.
They resume syncing the state table when I press the save button in the HA configuration page (System->High Availability->Settings) of the rebooted fw. The pfsync interface of the rebooted fw is not configured (syncpeer and syncdev not set) until I press the save button.

When the 2 firewalls are syncing the state table, I have the following on both firewalls:

# ifconfig pfsync0
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1500
   groups: pfsync
   pfsync: syncdev: em4 syncpeer: 224.0.0.240 maxupd: 128 defer: off


When I reboot a fw, on the rebooted fw I have:

# ifconfig pfsync0
pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync
syncpeer: 0.0.0.0 maxupd: 128 defer: off


Firewall A - configurations
    <opt2>
      <if>em4</if>
      <descr>pfsync</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>10.0.0.1</ipaddr>
      <subnet>24</subnet>
    </opt2>

  <hasync>
    <synchronizealiases>on</synchronizealiases>
    <synchronizerules>on</synchronizerules>
    <synchronizeusers>on</synchronizeusers>
    <synchronizesuricata>on</synchronizesuricata>
    <pfsyncpeerip/>
    <pfsyncinterface>opt2</pfsyncinterface>
    <synchronizetoip>10.0.0.2</synchronizetoip>
    <username>root</username>
    <password>********</password>
    <synchronizedhcpd>on</synchronizedhcpd>
    <synchronizenat>on</synchronizenat>
    <synchronizeschedules>on</synchronizeschedules>
    <synchronizestaticroutes>on</synchronizestaticroutes>
    <synchronizevirtualip>on</synchronizevirtualip>
    <synchronizednsforwarder>on</synchronizednsforwarder>
    <synchronizeipsec>on</synchronizeipsec>
    <synchronizeopenvpn>on</synchronizeopenvpn>
    <synchronizeshaper>on</synchronizeshaper>
    <synchronizecaptiveportal>on</synchronizecaptiveportal>
    <synchronizesquid>on</synchronizesquid>
    <synchronizednsresolver>on</synchronizednsresolver>
    <synchronizeauthservers>on</synchronizeauthservers>
    <pfsyncenabled>on</pfsyncenabled>
  </hasync>


Firewall B - Configurations
    <opt2>
      <if>em2</if>
      <descr>pfsync</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>10.0.0.2</ipaddr>
      <subnet>24</subnet>
    </opt2>

  <hasync>
    <synchronizealiases>on</synchronizealiases>
    <synchronizerules>on</synchronizerules>
    <synchronizesuricata>on</synchronizesuricata>
    <pfsyncpeerip/>
    <pfsyncinterface>opt2</pfsyncinterface>
    <synchronizetoip/>
    <username/>
    <password/>
    <synchronizedhcpd>on</synchronizedhcpd>
    <synchronizenat>on</synchronizenat>
    <synchronizeschedules>on</synchronizeschedules>
    <synchronizestaticroutes>on</synchronizestaticroutes>
    <synchronizevirtualip>on</synchronizevirtualip>
    <synchronizednsforwarder>on</synchronizednsforwarder>
    <synchronizeipsec>on</synchronizeipsec>
    <synchronizeopenvpn>on</synchronizeopenvpn>
    <synchronizeshaper>on</synchronizeshaper>
    <synchronizecaptiveportal>on</synchronizecaptiveportal>
    <synchronizesquid>on</synchronizesquid>
    <synchronizednsresolver>on</synchronizednsresolver>
    <synchronizeauthservers>on</synchronizeauthservers>
    <synchronizecerts>on</synchronizecerts>
    <pfsyncenabled>on</pfsyncenabled>
  </hasync>


Thanks.