Zenarmor causes issues with HA until set to bypass.

Started by itngo, November 06, 2024, 07:46:05 AM

We have an HA-pair Deciso appliance here where Zenarmor is currently being evaluated.
We use CARP VIP with unicast, but this issue also existed when multicast was used.
There are about 12 VLANs, and ZA is configured to protect only a few of them and at least one dedicated interface.

Every few days, and sometimes multiple times a day, the firewalls get into split-brain, or at least the master stops processing traffic for some endpoints. For example, 2 servers in a subnet can communicate normally while others in the same subnet cannot and are also not reachable by ping.

When we set Zenarmor to bypass, everything returns to normal. Has anyone had this issue already?

What do the logs say (OPNsense General and ZenArmor notifications)?
Anything weird ongoing there?
Do you see something in the reports of Live sessions in ZA? Any block?

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

You can be sure that we will continue to update you through the ticket you created.