CARP Issue

[opns-newb]

Hello,

We have a setup of two opns firewalls (DEC4040's running opns-business 23.10.2) in a HA configuration. They are connected with direct pfsync interface and each have two WAN connections. We have five (5) CARP interfaces and a WAN Gateway Group configured on each.

The CARP interfaces are for our three internal subnets and our two WAN connections. We're experiencing an issue whereby if any of the WAN modems fails, all CARP interfaces are switching from the primary firewall (Master) to the backup firewall. Also, when the WAN modem comes back up, the CARP interfaces aren't automatically switching back to the primary firewall.

I've attached a diagram of our setup as a reference.

Any insight as to why this behavior is occurring would be greatly appreciated.

Thanks!

[opns-newb]

Mods - can you please move this to the HA forum? Thank you!

[mimugmail]

Screenshot of System : HA : Settings of both please

[opns-newb]

opns-01 (primary firewall) HA settings are attached here.

[opns-newb]

opns-02 (backup) is attached here.

[mimugmail]

Looks good, then screenshot of Interfaces : Virtualisierung IPs : Status when backup didnt switch back

[opns-newb]

Here's opns-01 (primary) CARP status page.

[opns-newb]

Here's opns-02 (backup) CARP status page.

[mimugmail]

Screenshots of this situation "Also, when the WAN modem comes back up, the CARP interfaces aren't automatically switching back to the primary firewall."

[opns-newb]

I can't force the issue to happen now and take a screenshot since it's a production network.

But what does happen is that opns-02 (backup FW) becomes a Master on all CARP interfaces. The only way to get it to relinquish Master status is by temporarily disabling CARP on it to force it to switch back over to opns-01.