
1st installation of Firewall in HA mode

Posted: 19 Jun 2020, 19:25
by JonPre
Hello,

I'm happy to write the first post here :)

[Edit] Plan has changed for a better, and easier, solution :)

Attached is the new scheme.

I configured the High Availability, I hope, in the right way.

I have 2 issues with it:
  1. When the master firewall sends an update to the slave, it deletes the rule on my Sync interface, so it does not allow any new modification. I think that's not how it works!? Can you confirm or help me configure it properly please?
  2. The IPsec connection works pretty well on the main firewall but does not work at all on the second. When I test the failover of the main firewall, it continues all internet connections on the second but it does not connect the IPsec, so I lose the connection to the main office. I let the firewall configure IPsec with the sync of the HA but nothing. I will share pictures of the configuration.

Re: 1st installation of Firewall in HA mode

Posted: 26 Jun 2020, 11:03
by gregober
> I have 2 issues with it:
>
> When the master firewall sends an update to the slave, it deletes the rule on my Sync interface, so it does not allow any new modification. I think that's not how it works!? Can you confirm or help me configure it properly please?

This is probably because you haven't enabled the pfSync on both nodes, so your rules can't be synchronized correctly.
Please check the synchronization settings of both of your devices.

> The IPsec connection works pretty well on the main firewall but does not work at all on the second. When I test the failover of the main firewall, it continues all internet connections on the second but it does not connect the IPsec, so I lose the connection to the main office. I let the firewall configure IPsec with the sync of the HA but nothing. I will share pictures of the configuration.

This problem is most probably related to the first post.
Solving the first problem should solve both! (hopefully).

Re: 1st installation of Firewall in HA mode

Posted: 26 Jun 2020, 18:32
by JonPre
Thanks for the quick answer.

I enabled the pfsync on both interfaces but still the same issue... I don't understand why it keeps deleting the rules on the Sync interface... On Monday I will bring captures of the pfsync conf...

Re: 1st installation of Firewall in HA mode

Posted: 13 Jul 2020, 09:56
by JonPre
Hello,

I come with news :)
My HA is working fine now, with instant synchronisation when I change firewall rules. To do it:
1) I deleted and recreated the SYNC interface
2) I added a GW for this interface

Since then I don't have any more error messages in the notification area.

One issue remains: the IPsec on the slave firewall does not connect. I would like to know if this is normal, and whether it will connect if the primary firewall crashes, or does it need to be up as well?

Attached is the IPsec status.

Thanks for your replies.