1st installation of Firewall in HA mode

This forum is intended to provide straightforward answers for people trying to use Open Source firewalls such as the pfSense® and OPNsense® firewall systems.

Moderator: gregober

JonPre
Posts: 4
Joined: Fri Jun 19, 2020 5:12 pm

1st installation of Firewall in HA mode

Post by JonPre » Fri Jun 19, 2020 5:25 pm

Hello,

I'm happy to write the first post here :)

[Edit] Plan has changed for a better, and easier, solution :)

Attached is the new scheme.

I configured the High Availability, I hope, in the right way.

I have 2 issues with it:
  1. When the master firewall sends an update to the slave, it deletes the rule on my Sync interface, so it does not allow any new modification. I think that's not how it works!? Can you confirm or help me configure it properly, please?
  2. The IPsec connection works pretty well on the main firewall but does not work at all on the second. When I test the failover of the main firewall, all internet connections continue on the second, but it does not connect the IPsec, so I lose the connection to the main office. I let the firewall configure IPsec with the HA sync, but nothing. I will share pictures of the configuration.
Attachments
schéma réseau - VPAuto Cauda-Rouen.png
gregober
Posts: 89
Joined: Tue Mar 26, 2019 2:06 pm

Re: 1st installation of Firewall in HA mode

Post by gregober » Fri Jun 26, 2020 9:03 am

> I have 2 issues with it:
>
> When the master firewall sends an update to the slave, it deletes the rule on my Sync interface, so it does not allow any new modification. I think that's not how it works!? Can you confirm or help me configure it properly, please?

This is probably because you haven't enabled the pfSync on both nodes, so your rules can't be synchronized correctly.
Please check the synchronization settings of both of your devices.

> The IPsec connection works pretty well on the main firewall but does not work at all on the second. When I test the failover of the main firewall, all internet connections continue on the second, but it does not connect the IPsec, so I lose the connection to the main office. I let the firewall configure IPsec with the HA sync, but nothing. I will share pictures of the configuration.

This problem is most probably related to the first post.
Solving the first problem should solve both! (hopefully).
JonPre
Posts: 4
Joined: Fri Jun 19, 2020 5:12 pm

Re: 1st installation of Firewall in HA mode

Post by JonPre » Fri Jun 26, 2020 4:32 pm

Thanks for the quick answer.

I enabled the pfsync on both interfaces but still the same issue... I don't understand why it keeps deleting the rules on the Sync interface... On Monday I will bring captures of the pfsync conf...
JonPre
Posts: 4
Joined: Fri Jun 19, 2020 5:12 pm

Re: 1st installation of Firewall in HA mode

Post by JonPre » Mon Jul 13, 2020 7:56 am

Hello,

I come with news :)
My HA is working fine now, with instant synchronisation when I change firewall rules. To do it:
1) I deleted and recreated the SYNC interface
2) I added a GW for this interface

Since then I don't have any more error messages in the notification area.

One issue remains: the IPsec on the slave firewall does not connect. I would like to know if this is normal, and so it will connect if the primary firewall crashes, or does it also need to be up?

Attached is the IPsec status.

Thanks for your replies.
Attachments
2020-07-13_09h55_50.png