Setting of OPNsense HA cluster sync from version 24.7

From Thomas-Krenn-Wiki
Jump to navigation Jump to search

OPNsense 24.7 brings some new features and improvements, including a new kernel with FreeBSD 14.1-RELEASE. The synchronisation of a HA cluster has also been adapted and the adaption of these settings is required so that the synchronisation between the two firewalls functions again. This article explains how to adapt the synchronisation of both firewalls for version 24.7.

A notification the backup firewall is not accessible or not configured is displayed. It has already been changed by the activation of the Persistent CARP Maintenance Mode to the backup firewall.

Click here for OPNsense firewalls in the online shop of Thomas-Krenn

Error description

OPNsense 24.7.2 has already been installed on both firewalls and the update to 24.7.4 has been performed. First, the backup firewall (in this context FW2) of a OPNsense HA cluster has been updated to 24.7.4 and shows the following notification in the menu after the restart: System → High Availability → Status 

The backup firewall is not accessible or not configured.

Solution

The menu System → High Availability → Status has now a menu item Sync compatibility, which has to be set to OPNsense 24.7 or above.

  • The backup firewall (FW2) has been updated to 24.7.4 and it has already been switched to this firewall. This is now the active firewall and some settings have to be adjusted so that the sync for the FW1 functions correctly.
    The backup firewall (FW2) has been updated to 24.7.4 and it has already been switched to this firewall. This is now the active firewall and some settings have to be adjusted so that the sync for the FW1 functions correctly.
  • Adjust from Sync compatibility to OPNsense 24.7 or above and type in the data of the other firewall node (FW1). Scroll down and click on Apply.
    Adjust from Sync compatibility to OPNsense 24.7 or above and type in the data of the other firewall node (FW1). Scroll down and click on Apply.
  • You can now perform the update at the latest temporary firewall (FW1). Please also restart the firewall. Afterwards, you also have to adjust the Sync compatibility settings.
    You can now perform the update at the latest temporary firewall (FW1). Please also restart the firewall. Afterwards, you also have to adjust the Sync compatibility settings.
  • Click on Apply.
    Click on Apply.
  • The status is now correct again.
    The status is now correct again.
  • You can now leave the Persistent Maintenance Mode of the FW1. Now, the configuration switches to FW1 as active firewall. Please verify this at System → High Availability → Settings and System → High Availability → Status if the settings are correct and if the configuration is synchronized correctly.
    You can now leave the Persistent Maintenance Mode of the FW1. Now, the configuration switches to FW1 as active firewall. Please verify this at System → High Availability → Settings and System → High Availability → Status if the settings are correct and if the configuration is synchronized correctly.
  • Dashboard of the active firewall FW1.
    Dashboard of the active firewall FW1.

Author: Thomas Niedermeier

Thomas Niedermeier working in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Since 2013 Thomas is employed at Thomas-Krenn and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.


Related articles

Broadcom bnxt driver update under OPNsense
Show article
SSL routines tls process server certificate certificate verify failed - Authentication error
Show article
Thomas-Krenn OPNsense Rack-Server Firewall Performance
Show article