OPNsense Forum » Archive » 18.1 Legacy Series » Installing new 18.1 release in HA
Topic: Installing new 18.1 release in HA (Read 3999 times)
guest15512 (Guest), on: January 30, 2018, 08:23:49 am
Hi all,
I am planning a new OPNSense installation using 18.1 release in my home virtual infrastructure. My idea is to install two OPNSense virtual fws in HA. But I have several doubts about how to manage and maintain them. My questions:
- When you configure two pairs of OPNSense appliances as CARPed fws, where do you configure rules: on both nodes, on master node, on backup node?
- Are all objects defined in GUI (like networks, hosts, services, but not initial configuration) replicated on both nodes? Does it matter which node the configuration is performed on?
- What configuration is replicated in both nodes: fw rules, ips rules, all, nothing?
- What about all other services provided by OPNSense out of the box: proxy (transparent mode), SSL-VPN, IPSec, IPS? Do I need to configure every service in both nodes or only in one node?
- Using an external PKI for OpenVPN and transparent proxy: how is it managed with OPNSense? Do I need to create a certificate for every node or can I configure a certificate assigned to a virtual name on both nodes when firewalls are configured as OpenVPN servers?
Many thanks
jschellevis (Administrator, Full Member; Posts: 156, Karma: 37)
Re: Installing new 18.1 release in HA, Reply #1 on: January 30, 2018, 09:11:37 am
Let me try to answer your questions:
- When you configure two pairs of OPNSense appliances as CARPed fws, where do you configure rules: on both nodes, on master node, on backup node?
> You need to configure new rules on the master node and sync them to the backup.
- Are all objects defined in GUI (like networks, hosts, services, but not initial configuration) replicated on both nodes? Does it matter which node the configuration is performed on?
> Configure on master.
- What configuration is replicated in both nodes: fw rules, ips rules, all, nothing?
> Take a look at the configuration page under System->High Availability->Setting and you will see everything that can be synced automatically.
- What about all other services provided by OPNSense out of the box: proxy (transparent mode), SSL-VPN, IPSec, IPS? Do I need to configure every service in both nodes or only in one node?
> Same answer :-)
- Using an external PKI for OpenVPN and transparent proxy: how is it managed with OPNSense? Do I need to create a certificate for every node or can I configure a certificate assigned to a virtual name on both nodes when firewalls are configured as OpenVPN servers?
> Not sure how this question relates. There is no HA on OpenVPN.
Anyway, I say try it and most of your questions will be answered, see also:
https://docs.opnsense.org/manual/how-tos/carp.html?highlight=carp
Cheers,
Jos