Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
High availability
»
Opinion of your HA functionality
« previous
next »
Print
Pages: [
1
]
Author
Topic: Opinion of your HA functionality (Read 5724 times)
terrrorr
Newbie
Posts: 2
Karma: 0
Opinion of your HA functionality
«
on:
February 16, 2021, 02:36:48 am »
Dear OPNSense Development team
I am not sure how that conversation has gone, but it sounds quite odd decision to remove automated synchronization options from your product. Maybe there are some real issues you were not able to fix it, but taking huge steps backwards
That said, my long time partner made decision to find other firewall product because they came in conclusion that using your support is pointless. Conversations were fruitless and therefore they felt that they were left alone with the "problem".
I personally find it odd that typical solutions which has been used for quite some time is suddenly is so bad that it cannot be fixed... or you do not have any means to find replacement which would support your needs. Was it actually so bad and broke your system that you had to remove it fully? Making these kind of decisions not only affect to you and your money but also your reputation. I hope others does not see your situation as dire as my partner.
You should understand that corporates does not buy products or support because it costs something They pay money because they want to have good service which fits to their business case... unfortunately your decision drove paying customer to find alternative solution. Yes, that is life, but as a old network engineer, I just cannot recommend your products.
From your business case point of view, I hope you will find proper solution at some day... hopefully sooner than later. In a meanwhile, I will leave you alone and hope that later, when I come back to check how things has progressed, I will find your product suitable for my customers
Happy developing
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Opinion of your HA functionality
«
Reply #1 on:
February 16, 2021, 07:57:53 am »
Every customer I tell, that when you lock out yourself from FW1 via a stupid firewall rule wont kick you out of FW2 since config is synced manually totally understands and supports this design.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
terrrorr
Newbie
Posts: 2
Karma: 0
Re: Opinion of your HA functionality
«
Reply #2 on:
February 16, 2021, 12:37:16 pm »
Hi mimugmail,
So, from your point of view its better that I forgot to apply rules on secondary firewall and once my primary firewall fails, suddenly I have service related issue which comes as a surprise. Do you think anyone would suspect that firewall blocks that traffic and do not insists that you have issues on your servers? IT will lose time and business loses money, its that simple
If you have heard Commit Confirmation functionalities, which some firewall vendors does, that would prevent you to lock your self out.
I am not sure how your though process applies in situation if you are using dynamic routing protocols? Even you lock yourself out, most likely your master is still master
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Opinion of your HA functionality
«
Reply #3 on:
February 16, 2021, 01:15:40 pm »
Hm, I don't get the problem. Just sync the config after every bigger change ... it's just a line in your change request process checklist.
You can also add a new action with rc.filter_synchronize as command and then do the sync regulary via cron
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
kevin192291
Newbie
Posts: 9
Karma: 0
Re: Opinion of your HA functionality
«
Reply #4 on:
February 17, 2021, 06:59:02 pm »
Is Sync from Master to Backup going away?
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Opinion of your HA functionality
«
Reply #5 on:
February 17, 2021, 08:49:13 pm »
Quote from: kevin192291 on February 17, 2021, 06:59:02 pm
Is Sync from Master to Backup going away?
No, its just a manual process
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Opinion of your HA functionality
«
Reply #6 on:
February 27, 2021, 02:35:44 pm »
Only for you
https://www.reddit.com/r/OPNsenseFirewall/comments/lto37l/new_community_plugin_ha_config_sync_and_reload/
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
supern00b
Newbie
Posts: 7
Karma: 0
Re: Opinion of your HA functionality
«
Reply #7 on:
March 30, 2021, 11:24:45 am »
next time I recommend to open an issue/feature request for that..
https://github.com/opnsense/core/issues/4604
Logged
franco
Administrator
Hero Member
Posts: 17659
Karma: 1611
Re: Opinion of your HA functionality
«
Reply #8 on:
March 30, 2021, 12:05:52 pm »
Yes all tickets welcome!
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
High availability
»
Opinion of your HA functionality