Rule problem in a cluster
-
Hello,
I have a cluster of two pfsense netgate xg1541. The master manages all traffic. HA is therefore set to both firewalls. When I create a rule from the master, it is duplicated on the second. However, after a few seconds I lose my internet connection. The Ping still works on the carp lan but it is impossible to go outside. This problem occurs only on the master. I am obliged to disable the master's carp mode to redirect traffic to the slave. The slave does not have this problem. It works normally. However, I reinstalled the master several times using a usb key and reimported its configuration but the problem persists. I don't have a problem displayed in the logs. Are you aware of this problem? Thank you for your help.
Regards.
-
The cluster version is 22.01.
-
No clue. Did you check that "Synchronize Config to IP" in "Configuration Synchronization Settings (XMLRPC Sync)" is empty on the second firewall?
-
@cisco0613 If you have a lot of rules, and the outage is very temporary, there is a patch in the System Patches package for "Disable pf counter data preservation to temporarily work around latency when reloading large rulesets (Redmine #12827)."
However your description doesn't sound very temporary. When this happens does the Status/CARP page look correct on both routers as to the primary having all the Masters?
-
@klaws
Hello,
The "Synchronize Config to IP" field is empty on the slave pfsense. The configuration has been checked several times.
-
@steveits
Hello,
When I add the rule on the master, it is duplicated on the second pfsense. The master pfsense remains master in "status/CARP".
The second pfsense is in "Backup".
Yes, the problem is not temporary; I have a total loss of internet access.
The master's WAN interfaces are up and communicating with their gateway, but it is unable to access the internet.
The interfaces are in green on the dashboard.
Regards.