Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNCentral provision error for Firewall Categories
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNCentral provision error for Firewall Categories (Read 1512 times)
v01ded
Newbie
Posts: 8
Karma: 0
OPNCentral provision error for Firewall Categories
«
on:
November 03, 2023, 02:11:34 am »
Dear All,
I'm getting the following error when trying to push down Firewall Categories from the central OPNSense firewall to other managed firewall. There is only 1 firewall category in the central firewall and none on the manage firewall. At the moment, I have only enable synchronization on the Alias and Firewall Category class. Synchronization on the Alias works without error.
Here is the error in the log file of the central firewall and the details of the firewall category. Any idea what i did wrongly?
Stanley
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: OPNCentral provision error for Firewall Categories
«
Reply #1 on:
November 03, 2023, 09:04:49 am »
Hi,
Can you add a category on the remote host manually and try to sync again?
If this works then we know what the issue is and how to fix.
Cheers,
Franco
Logged
v01ded
Newbie
Posts: 8
Karma: 0
Re: OPNCentral provision error for Firewall Categories
«
Reply #2 on:
November 03, 2023, 10:02:43 am »
Hi Franco,
Did as you have suggested. I created a corresponding Firewall Categories with the same name on the remote firewall and the sync worked. Cheers.
Stanley Lim
Logged
v01ded
Newbie
Posts: 8
Karma: 0
Re: OPNCentral provision error for Firewall Categories
«
Reply #3 on:
November 03, 2023, 10:37:55 am »
Hi Franco,
I also noticed another unusual behavior on the syncing of Firewall Rules and could be related this is issue. Everytime I click on on Management >> Provisioning >> Reconfigure button, I notice a duplicate set of rules will be create on the remote firewall. Please see attached screenshots.
Stanley
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: OPNCentral provision error for Firewall Categories
«
Reply #4 on:
November 03, 2023, 11:46:51 am »
Hi Stanley,
We prepare a fix for the Categories. About the rules not sure yet. What are the versions on both ends to make sure we're not looking at the wrong thing? The code diverged between version and may behave differently when using different versions on both ends.
Cheers,
Franco
Logged
v01ded
Newbie
Posts: 8
Karma: 0
Re: OPNCentral provision error for Firewall Categories
«
Reply #5 on:
November 03, 2023, 11:51:28 am »
Hi Franco,
Both Firewall uses OPNsense 23.10-amd64 with OPNcentral 1.7. Cheers.
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: OPNCentral provision error for Firewall Categories
«
Reply #6 on:
November 03, 2023, 01:26:33 pm »
Thanks, I'll follow up next week. We are going to discuss it on Monday and then work on it.
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: OPNCentral provision error for Firewall Categories
«
Reply #7 on:
November 07, 2023, 01:28:03 pm »
Fixed both issues for the next release 23.10.1.
Syncing floating rules between changing interfaces is difficult. There are some constraints to what we can consider synced and what we cannot sync because the list of selected interfaces does not match (anymore) between machines. But in this particular case the code was improved to avoid duplication as much as possible.
Cheers,
Franco
Logged
v01ded
Newbie
Posts: 8
Karma: 0
Re: OPNCentral provision error for Firewall Categories
«
Reply #8 on:
November 16, 2023, 12:27:18 pm »
Hi Franco,
Apologies for the delay response. i was away from work and wasn't able to test the update until now.
Updated to OPNSense 23.10_2. The Aliases is syncing right now. However, the duplication of Firewall rules still exists on the Floating groups. Not errors in the system log. Firewall rules for other interface does not have such issue.
Thanks for resolving the aliases issue. Hope we can resolve the Floating firewall rules issue too. Cheers.
Stanley Lim
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: OPNCentral provision error for Firewall Categories
«
Reply #9 on:
November 16, 2023, 12:46:29 pm »
Hi Stanley,
No problem. Note that 23.10_2 < 23.10.1 (which hasn't been released yet). It should be released before December, but haven't decided on a date yet.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNCentral provision error for Firewall Categories