OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • High availability »
  • High Availability with Two OPNsense Virtual Firewalls
« previous next »
  • Print
Pages: [1]

Author Topic: High Availability with Two OPNsense Virtual Firewalls  (Read 2270 times)

spetrillo

  • Hero Member
  • *****
  • Posts: 721
  • Karma: 8
    • View Profile
High Availability with Two OPNsense Virtual Firewalls
« on: April 13, 2023, 05:36:27 pm »
Hello all,

Is there a good document that details the steps to make two OPNsense vms highly available?

Thanks,
Steve
Logged

Patrick M. Hausen

  • Hero Member
  • *****
  • Posts: 6935
  • Karma: 584
    • View Profile
Re: High Availability with Two OPNsense Virtual Firewalls
« Reply #1 on: April 13, 2023, 06:05:46 pm »
It's the same as with dedicated hardware firewalls. Make sure the virtual network interfaces are created in exactly the same order, then follow the documentation.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

bimbar

  • Sr. Member
  • ****
  • Posts: 445
  • Karma: 25
    • View Profile
Re: High Availability with Two OPNsense Virtual Firewalls
« Reply #2 on: May 08, 2023, 03:52:55 pm »
There are some issues with vmware, promiscuous mode and CARP.

For example: https://kb.vmware.com/s/article/2144849

https://docs.netgate.com/pfsense/en/latest/troubleshooting/high-availability-virtual.html#hypervisor-users-especially-vmware-esx-esxi
Logged

Patrick M. Hausen

  • Hero Member
  • *****
  • Posts: 6935
  • Karma: 584
    • View Profile
Re: High Availability with Two OPNsense Virtual Firewalls
« Reply #3 on: May 08, 2023, 04:01:44 pm »
Wouldn't you run your two virtual firewalls on two different ESXi hosts? Doesn't make much sense on a single one, does it? That's probably why I never experienced this problem. I have been running virtual firewalls in HA configurations for years.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

bimbar

  • Sr. Member
  • ****
  • Posts: 445
  • Karma: 25
    • View Profile
Re: High Availability with Two OPNsense Virtual Firewalls
« Reply #4 on: May 10, 2023, 02:05:47 pm »
This can also happen if you have only one firewall on an ESXi, at least that's what happened to my setup with one virtual and one in hardware.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • High availability »
  • High Availability with Two OPNsense Virtual Firewalls
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2