Issues with bridged networks on primary and secondary firewall
-
Hi there,
I have a setup where we have two pfSense firewalls, a primary and a secondary.
This firewall has the following setup:
|------DMZ_WAN------| <- over VLAN.n _______ _______ |XCP01| |XCP02| | FW1 | | FW2 | |------DMZ_LAN------| <- over GRE tunnelThe GRE tunnel is not made via pfSense, but underlying infrastructure - The same goes for the VLAN.n at the DMZ WAN side, for the pfSense it's just like the cable is directly connected to the switch
The interfaces are bridged and configured with transparent firewalling. There is no NAT. Everything works fine with 1 bridge on the primary FW.
Now, for resilience and redundancy, we're looking to enable the bridge at fw2.
At the bridge advanced configuration on FW1:- Enabled STP/RSTP;
- Added the respective ports to the Auto PTP Ports;
- Selected the respective interfaces as STP interfaces;
- Set Bridge Priority at FW1 to 3072;
- Set Interface priority to 64;
The secondary firewall has the default values, (32768 for bridge priority and 128 on the interfaces).
Now what happens is:
At the secondary firewall, as soon as I add the interfaces to the bridge, I DON'T EVEN NEED TO ENABLE THE INTERFACE, the whole network goes DOWN. Its something I'd expect from a loop on the network, without STP, but not by simply adding an interface to a bridge without it being UP.Currently we have the secondary bridge down and everything is working over the primary. But we'd like to implement this properly, where STP blocks the interface with the lower priority.
What am I doing wrong here? Thanks.
-
bump
