Quote from: Shayoo on November 29, 2025, 12:34:54 PM
Hi,
Thank you for the clarification, that makes sense now.
I appreciate the quick and detailed response.
Quote from: viragomann on November 28, 2025, 05:23:42 PM
You need to add the rule to the interface on which the traffic is going out.
If you want to access the LAN IP of the secondary, the packets will go out on the LAN interface. If you access the SYNC interface, the packets go out on SYNC.
It's wise to always use the same IP to access the firewall. So you need the rule only on a single interface.
And of course you should limit the rule to the admin source and to the secondary as destination.
Best to use an alias which includes both the IP of the primary and the secondary, so you can sync the rules to the secondary and it will also work in case it has the master role.