Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
HA Sync and mismatched interfaces
« previous
next »
Print
Pages: [
1
]
Author
Topic: HA Sync and mismatched interfaces (Read 1875 times)
dragon2611
Jr. Member
Posts: 94
Karma: 4
HA Sync and mismatched interfaces
«
on:
October 21, 2017, 01:08:43 pm »
If you have an HA pair of firewalls but the interfaces don't match the wrong rules will sync
For instance firewall1 terminates a GRE tunnel that isn't HA (And I can't be bothered to fix that as it's not cricital) so the GRE interface is opt1 and the CARP interface is OPT2
Firewall 2 doesn't have this interface so the CARP interface is OPT1, which means it gets the firewall policy for the GRE tunnel rather than the one for the CARP interface.
Would be good if there was some way to manually pair them, or parse the name/description rather than assuming both firewalls are identical
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
HA Sync and mismatched interfaces
