Topic: Azure Load Balancer Health Probes to multiple interfaces (Read 1796 times)
4RYq5X
Newbie
Posts: 1
Karma: 0
Azure Load Balancer Health Probes to multiple interfaces « on: March 04, 2021, 08:35:38 pm »
Hello,
I have deployed 2 x OPNsense instances from the Azure Marketplace, and I am trying to leverage two Azure Load Balancers (they are treated as an untrust and a trust load balancer) to achieve a redundant OPNsense environment. Unfortunately, I am running into difficulty regarding the Azure Health Probes, specifically replying to those probes in a symmetric fashion.
Unfortunately, the Azure Health Probes are not flexible in their choice of source IP; it is always 168.63.129.16 regardless of which VNET subnet it is received on. This leads to issues with OPNsense, where there is only one routing table for the whole firewall.
I have tried to leverage policy-based routing (via Gateways, playing around with MultiWAN behaviour in the Advanced settings, etc.) as well as interface-specific SNATs, which were unsuccessful. The most effective solution was to establish a static route to the interface-specific VNET gateway. This will work on one of the Azure Health Probes for one interface/VNET subnet, but not in a situation where you need the two instances of Azure Health Probes, each of them entering the firewall from trust and untrust interfaces. It is a requirement for the Health Probes to be answered symmetrically from the interface they are received on.
Is there anything I am overlooking? Is it possible to leverage multiple Azure Load Balancers on OPNsense? If not, is this something that can be a feature request?