Messages - volrath87

#1
Same for me... Do you have any fix?
#2
This is how the network looks.
#3
Hello,

I have two firewalls (fw01 and fw02).

FW01 (172.16.3.5) is connected over crossover with FW02 (172.16.3.6).
Both can ping each other.

On FW02 I have an OpenVPN server. When I connect to FW02 with my client I can reach 172.16.3.6 but not FW01, and I don't get the issue.

For now I've allowed any traffic via a rule. But it is still not working.

Do you have any advice for me? (see screenshots)

#4
After setting up CARP VIP the synchronisation works.

Thanks for your feedback
#5
Maybe there is a problem matching the interfaces of FW01 and FW02?

How does the synchronisation map firewall rules/interfaces from FW01 to the correct corresponding interface on FW02? By name? Or is there a mapping table?
#6
OK, let me describe it in another way.

FW02 (slave) has a rule which allows traffic from FW01 on the "Synchronize Interface". Without that rule everything from FW01 is denied (default).

When FW01 synchronizes configurations to FW02 (System -> HA -> Settings -> Perform synchronization), that rule is removed and then the connection between FW01 and FW02 is down.

I have to say that I didn't set up CARP for now. Maybe this is the issue?
#7
Hello,

I've set up HA between 2 firewalls on Interface1. FW01 and FW02 are connected directly via crossover cable.

Of course I've configured rules on interface1 which allow traffic from fw01 to fw02 and vice versa.

The problem is that after synchronisation the rule on fw02 (slave) disappears and master (fw01) is not able to process any further synchronisation (because it is copied from master). I also tried to put the rule on master but it didn't help. I guess OPNsense first removes the rule from the slave and after that it is not able to synchronize anything.

How do you manage this?

BR