Can't ping HA interface IP

Started by paul199513, November 14, 2022, 11:47:50 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 14, 2022, 11:47:50 AM
Hello,
i have two OPNsense firewalls which are connected to a switch and also connected directly to use this port as pfsync. I have entered an ip of the same subnet, but the firewalls can't ping or reach each other. Do i need to configure something else?

Thanks i advance :)
November 14, 2022, 12:24:08 PM #1
If you added the HA/pfsync interface as e.g. OPT1, there won't be any firewall rules present for that interface, initially. You need to add a rule permitting everything in on that interface (easiest way to permit "ping" as well as pfsync, XMLRPC, etc.)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
November 14, 2022, 12:34:29 PM #2
Hi, i configured the firewall rules already. I let every ipv4 traffic on that interface in.
November 14, 2022, 01:36:14 PM #3
I was now able to ping the other firewall, but HA isn't working. In the menu is the info that the backup firewall is not accessible or not configured.
November 14, 2022, 01:43:19 PM #4
Can the firewalls ping each other or only master to slave but not vica versa? Make sure the synchronize interface is the pfsync interface and that the Master firewall has the ip address of the Backup firewall configured in the pfsync Synchronize Peer IP and vica versa.

For synchronization, only configure XMLRPC Sync on the Master, use the pfsync address of the Backup firewall as Synchronize Config to IP and the admin credentials of the Backup firewall (or dedicated user account for synchronization).
November 14, 2022, 03:39:25 PM #5
The firewalls can ping each other. I also checked with a port scan, if the backup firewall listens on the https port on the HA interface and got a succeeded.
Print
Go Up Pages1
User actions