Help required with outbound NAT with High Availability

[tomclewes]

Setup:
ISP Router > OPNsense VIP (192.168.10.253)
FW01 = 192.168.10.1
FW02 = 192.168.10.2

The firewalls are virtualised and are in HA on the VIP of 192.168.10.253

I've just spend ages trying to troubleshoot an issue whereby I could not access a test Wordpress website that is behind my OPnsense firewalls in HA.

Initial thoughts were:

1. I hadn't setup a firewall rule or a NAT rule properly
2. Double NAT was interfering

I've now located and pinpointed the exact cause which is the outbound NAT which I have set to manual as per the documentation when using HA. As soon as I set it back to automatic, I am able to access my Wordpress website remotely.

My outbound manual NAT rules consist of the following:

Rule 1:
Interface = WAN
Source = Any
Source Port = *
Destination = *
Destination Port = *
NAT address = WAN VIP
NAT Port = *
Static Port = No

Rule 2:
Interface = WAN
Source = Any
Source Port = *
Destination = *
Destination Port = 500
NAT address = WAN VIP
NAT Port = *
Static Port = Yes

I have attempted to set a manual rule which reflects the automatic rule which essentially sets the NAT address to 'WAN'. This however has now helped.

For the time being I have set the NAT back to automatic but this will not mean full HA.

Has anyone got any ideas on what I could have done wrong?

Thank you in advance.

[tomclewes]

bump