Messages

1

General Discussion / Re: Transparent Filtering Bridge + CARP/pfsync for HA?

« on: November 28, 2024, 04:58:41 pm »

You are building a bridging loop. The main reason being that in FreeBSD STP is off by default.

Edit the bridge interface, click on "Show advanced options", add all bridge member interfaces to "STP interfaces".

Thx for this hint.... we had same issue here and this seems to be the resolution....

2

General Discussion / Re: No internet on LAN, no webgui or ssh access from LAN devices

« on: November 25, 2024, 09:20:14 pm »

We believe we have this behavior on a DEC3682. Is there any fix around for this appliance?

3

Hardware and Performance / Re: DEC3862 network interfaces outages

« on: November 25, 2024, 06:40:41 pm »

Did you ever fix this? Also have issues with DEC3862 here and Nics getting "stalled"....

4

Hardware and Performance / Re: DEC3862 various ethernet problem

« on: November 25, 2024, 06:34:35 pm »

I would expect that Deciso is aware of the issues with the Intel Nic and the DEC3862 and should provide fix or replacement?

5

High availability / Re: CARP Master randomly gets set to 1200 demotion level

« on: November 25, 2024, 06:01:13 pm »

No,  we are still having the issue since upgrading to 24.7.X.   It happens every 2 weeks or so.

Same here but more or less every 3 days.... using Zenarmor... we have a Ticket open with them now.... looks like something with netmap....

6

High availability / Re: CARP Master randomly gets set to 1200 demotion level

« on: November 25, 2024, 03:23:52 pm »

Did you ever fix this?

7

High availability / Re: CARP UNICAST - ISSUE MAC AGEOUT

« on: November 22, 2024, 06:10:03 pm »

Hi,
what exactly is the problem? You have flooded you network?

8

High availability / Re: 2 OPNsenses same WAN network Broadcast Flood

« on: November 22, 2024, 06:06:03 pm »

Did you ever solve this?

9

Zenarmor (Sensei) / Zenarmor causes issues with HA until set to bypass.

« on: November 06, 2024, 07:46:05 am »

We have a HA-Pair Deciso-Appliance here where Zenarmor is currently being evaluated.
We use CARP VIP with unicast, but this issue exists also when multicast was used.
About 12 VLANs and ZA is configured to protect only few of them and at least one dedicated interface.

Every few days and sometimes multiple times a day the firewalls get into split-brain or at least master stops processing traffic for some endpoints. For example 2 server in a subnet can communicate normal while other in the same subnet can not and are also not reachable per ping.

When we set Zenarmor to bypass everything returns to normal. Anyone had this issue already?

10

High availability / Re: Problems when enabling "Synchronize States"

« on: November 05, 2024, 12:14:09 pm »

Sorry to bring this up again,
we have the same issue here. State-Sync enabled on master and slave brings "split-brain" after some days. Disable state-sync system is smooth as butter.....

We are using Unicast-VIP but this issue exists even before 24.10_7 with multicast....

11

High availability / opnsenseBE (OPNsense 24.10_7) still sending Multicast while all VIPs are Unicast

« on: October 25, 2024, 07:23:20 am »

Hi,

we have a pair of Deciso-Appliances here running in HA-Setup for about 12 VLANs. All are configured for CARP/VIP in Unicast-Mode and have the configured the IP of the Slave for direct CARP.

However, when we do a traffic capture, we can still see that one last interface continues to send VRRP Announments to 224.0.0.18. This should not happen in Unicast mode right?

Code: [Select]

1 0.000000 192.168.201.3 224.0.0.18 VRRP 70 Announcement (v2)

12

General Discussion / Re: HA with 2 BGP sessions/transfer networks - asynchronous routing/NAT (configprob)

« on: October 15, 2024, 10:42:29 am »

Did you ever solve this? What you might need is an AS-Prepend on your "secondary", this will force traffic to the master and on failure it will go through slave....

13

24.7 Production Series / Re: New Dashboard

« on: September 29, 2024, 11:25:58 am »

Can we get the "picture" widget back? I actually use this. Seriously

I place the company logo of $customer on the dashboard so I always know which firewall I am working on at the moment.

My thouhts exactly !!!

Me too! Picture Widge is essential....

14

General Discussion / Re: Stateful PPPoE/CARP possible?

« on: September 06, 2024, 09:28:43 am »

Is this still an issue?
We have a Customer with one leased line and one pppoe for backup. Often the connection is sticked on the slave and does never come back to the master-node. We then need to reboot the slave to get the PPPOE-Connection back online on the master.

I guess it is not used to work like this?

15

24.1 Legacy Series / Re: No WAN after upgrade to 24.4

« on: August 19, 2024, 07:35:02 am »

@itngo Got any console output from these bad boot attempts?


Cheers,
Franco

We did not follow up on this furthermore, as another reboot did fix.
We had this with 2 or 3 virtuak opnsense also the last Update 24.4.2 Business.... there it was enough to use "restart all services" on console to fix the issue....