24.1 Production Series / Problem accessing webgui with two CARPed OPNsense firewalls
« on: April 15, 2024, 10:40:22 am »
Good morning,
I have configured two OPNsense firewalls in HA mode using CARP. These firewalls connect via an IPsec tunnel to CheckPoint firewalls. Everything works correctly: the hosts behind the OPNsense firewalls are reachable from the hosts behind the CheckPoint firewalls and vice versa, etc.
But the problem comes when I try to manage these OPNsense firewalls from a computer behind the CheckPoint firewalls. I can always access the master node but never the backup node (neither by ssh nor by webgui). If I shut down the master node, I can access the node that was backup without any problems, both via ssh and webgui.
I have enabled "Disable reply-to on WAN rules" but nothing. Analysing the traffic that arrives at the node that I cannot access, I can see how the ssh and webgui requests arrive and do so through the IPsec tunnel, but do not return.
What could be the problem with the backup node? Is it a routing problem through the IPsec tunnel?
Many thanks for your help.