1st installation of Firewall in HA mode

This forum is intended to provide straightforward answers for people trying to use DynFi Firewall Open Source firewalls.
We might also try to answer questions related to competitors firewall such as pfSense® and OPNsense® systems.

Moderator: gregober

Post Reply
User avatar
JonPre
Posts: 4
Joined: 19 Jun 2020, 19:12

1st installation of Firewall in HA mode

Post by JonPre » 19 Jun 2020, 19:25

Hello,

I'm happy to write the first post here :)

[Edit] Plan has changed for a better, and easier, solution :)

In attach the new scheme.

I configured the High Avaliability, I hope, in the good way.

I have 2 issues with it :
  1. When the master firewall send an update to the slave, it delete the rule on my Sync interface so it do not allow any new modification, I think it's not how it works!? Can you confirm or help me configure it properly please?
  • The Ipsec connection work pretty well on the main firewall but do not work at all on the second, when I test the failover of the main firewall it continue all internet connection on the second but it not connect the Ipsec so I loose the connection to the main office. I let the firewall configure IPsec with the sync of the ha but nothing, I will share pictures of the configuration
Attachments
schéma réseau - VPAuto Cauda-Rouen.png
User avatar
gregober
Posts: 268
Joined: 26 Mar 2019, 15:06

Re: 1st installation of Firewall in HA mode

Post by gregober » 26 Jun 2020, 11:03

I have 2 issues with it :

When the master firewall send an update to the slave, it delete the rule on my Sync interface so it do not allow any new modification, I think it's not how it works!? Can you confirm or help me configure it properly please?
This is probably because you haven't enabled the pfSync on both nodes, so your rules can't be synchronized correctly.
Please check the synchronization settings of both of your devices.
The Ipsec connection work pretty well on the main firewall but do not work at all on the second, when I test the failover of the main firewall it continue all internet connection on the second but it not connect the Ipsec so I loose the connection to the main office. I let the firewall configure IPsec with the sync of the ha but nothing, I will share pictures of the configuration
This problem is most probably related to the first post.
Solving the first problem should solve both ! (hopefully).
User avatar
JonPre
Posts: 4
Joined: 19 Jun 2020, 19:12

Re: 1st installation of Firewall in HA mode

Post by JonPre » 26 Jun 2020, 18:32

Thanks for the quick anser.

I enabled the pfsync on both interfaces but still the same issue... I don't understand why it keep deleting the rules on the Sync interface... On monday I will bring captures of the pfsync conf...
User avatar
JonPre
Posts: 4
Joined: 19 Jun 2020, 19:12

Re: 1st installation of Firewall in HA mode

Post by JonPre » 13 Jul 2020, 09:56

Hello,

I come to news :)
I have my HA who is working fine now, instant synchronisation when I chnge Firewall rules, to do it :
1) I delete and recreate the SYNC interface
2) I added a GW for this interface

From now I don't have any more error message in the notification area.

It remain 1 issue : The IPSec on the slave firewall do not connect. I would like to know if it normal, and so connect if the primary firewall crash, or do it need to be also up?

In attach the IPSec status.

Thanks for your replies.
Attachments
2020-07-13_09h55_50.png
Post Reply