Differences
This shows you the differences between two versions of the page.
other:networking:opnsense:high_availability [2021/06/20 01:42] – created rodolico | other:networking:opnsense:high_availability [2021/06/20 02:05] – rodolico | ||
---|---|---|---|
Line 40: | Line 40: | ||
- Save | - Save | ||
- Repeat for all other interfaces (hint, you can clone an interface, then change the Interface, Address, VHID Group and Description). | - Repeat for all other interfaces (hint, you can clone an interface, then change the Interface, Address, VHID Group and Description). | ||
+ | - For each subnet which will be routing through the firewall, do the following. For example, if you have a subnet that only provides resources for other subnets, don't do this. But, for LAN, or anything else that will directly access the 'net. **You are setting outbound to use the CARP interface**: | ||
+ | - Firewall | NAT | outbound | ||
+ | - Change existing rules to use the CARP IP | ||
+ | - Create new rules for any other subnets (hint, clone the LAN, then make the changes needed) | ||
+ | |||
+ | ===== Additional ===== | ||
+ | |||
+ | - Change DHCP server to set the gateway to the Virtual IP | ||
+ | - Change DHCP server to set DNS to correct value (if not using defaults) | ||
+ | |||
+ | ===== Set up sync ===== | ||
+ | |||
+ | - On master router | ||
+ | - System | High Availability | Settings | ||
+ | - Synchronize States: check | ||
+ | - Synchronize Interface: The interface it will communicate on | ||
+ | - Synchronize Peer IP: the IP address of the backup router | ||
+ | - Synchronize Conifig to IP: The same IP (IP of the backup router) | ||
+ | - Remote System Username: A user on the backup router with full admin privileges | ||
+ | - Remote System Password: Password for that user | ||
+ | - Put a check mark in every system you want sync' | ||
+ | - Users and Groups | ||
+ | - Certificates | ||
+ | - Firewall Rules | ||
+ | - Firewall Schedules | ||
+ | - Firewall Categories | ||
+ | - Aliases | ||
+ | - NAT | ||
+ | - DHCPD (well, I want them sync' | ||
+ | - Virtual IP's (you MUST have this) | ||
+ | - Static Router | ||
+ | - OpenVPN, if you're going to use that | ||
+ | - Firewall Groups | ||
+ | - Unbound DNS (again, I want that) | ||
+ | - Click Save | ||
+ | - On backup Router | ||
+ | - System | High Availability | Settings | ||
+ | - Synchronize States: Check | ||
+ | - Interface: Select correct interface | ||
+ | - Synchronize Peer IP: IP of Master router | ||
+ | - Save (Do **not** put any additional information in) | ||
+ | - Reboot both firewalls if you want. Sometimes avoids problems | ||
+ | - On master router | ||
+ | - System | High Availability | Status | ||
+ | - Click the little round thing at the bottom, where it says all(*) | ||
+ | - Wait until it is done | ||
+ | - Log into backup router | ||
+ | - Look and ensure all services/ | ||
+ | |||
+ | ===== Other Information ===== | ||
===== Links ===== | ===== Links ===== | ||
* https:// | * https:// |
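Review bot: In "Set up sync", the "Remote System Username" step asks for a user on the backup router with full admin privileges, and the next step stores that user's password on the master, but the section does not say which account to use. Suggest stating that this should be a dedicated sync account rather than a shared admin login, so it can be rotated or disabled on its own. The "Synchronize Interface" step likewise only says "The interface it will communicate on"; since the checked items include Users and Groups and Certificates, it is worth saying here whether a dedicated link between the two routers is expected. Smaller points: "Synchronize Conifig to IP" should read "Synchronize Config to IP", "Static Router" looks like it should be "Static Routes", and the new "Other Information" heading is added with nothing under it.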
other/networking/opnsense/high_availability.txt · Last modified: 2021/06/20 02:11 by rodolico