Netgate Discussion Forum

Can't access secondary firewall GUI on some interfaces

HA/CARP/VIPs
1 Posts 1 Posters 90 Views

the_worm91
Aug 20, 2024, 11:04 AM

Hi everyone,
I have a cluster of 2 pfSense (fw-A is the master and fw-B the secondary) and I have in total 12 interfaces: 4 WAN interfaces and 8 local interfaces.
LAN interface 192.168.0.x/24 (LAN subnet for all the office)
MNG interface 192.168.32.x/24 (management subnet for the hypervisor ESXi and switches)
DMZ interface 192.168.33.x/24
VGL interface 192.168.34.x/24 (another subnet for other local servers)
BBL interface 192.168.35.x/24 (LAN subnet for a special office)
MMD interface 192.168.36.x/24 (LAN subnet for a conference room)
VOIP interface 192.168.2.x/24 (VoIP subnet to manage IP phones)
On each local interface the primary and the secondary fw are set up with the IP 192.168.x.101 for the master fw-A and 192.168.x.102 for the secondary fw-B.
From my PC I can reach any interface and (of course) I can access the master fw GUI on any local interface, but the secondary fw-B only on the LAN and MNG interfaces.
When I try to access the secondary fw-B on the DMZ, VGL, BBL, MMD and VOIP interfaces the connection times out.
If I look in the tab System Logs / Status / Firewall I don't have blocking rules; I only see rules that allow me to reach the secondary fw on the aforementioned interfaces.

I also noticed a strange behavior of the rules:
Pass-> Aug 20 08:43:06 LAN "admin on MNG from LAN (1682498233)" 192.168.0.91:52348 192.168.32.102:445 TCP:S
after one minute:
Deny-> Aug 20 08:44:07 LAN "LAN other deny (1454778479)" 192.168.0.91:52348 192.168.32.102:445 TCP:PA
and...
Pass-> Aug 20 09:49:48 LAN "admin on MNG from LAN (1682498233)" 192.168.0.91:53166 192.168.32.102:445 TCP:S
Deny-> Aug 20 09:49:47 LAN "LAN other deny (1454778479)" 192.168.0.91:53160 192.168.32.102:445 TCP:A
...but I still reach fw-B on the IP 192.168.32.102. I can't understand why the rules are processed in this crazy way when the rule "admin on MNG from LAN" is above the second one (and should be processed before it).
Except for this everything works fine in the network; I'm going crazy trying to troubleshoot the source of the problem, any suggestion?

thanks

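The log pairs quoted in the post (a SYN passed by "admin on MNG from LAN", then a PSH/ACK or bare ACK towards the same host dropped by "LAN other deny") are what a stateful firewall logs when a mid-stream packet finds no matching state entry, not evidence of rules being evaluated out of order: pf consults the rule set for the packet that creates state (the SYN), and later packets of that connection are matched against the state table, so a non-SYN packet that reaches the deny rule had no state to match (the state expired or was removed, or the packet arrived on a firewall or path where that state was never created). The script below is an added example, not code from the post or from pfSense; it parses lines in the GUI filter-log layout the post quotes and flags such out-of-state denies, reporting whether a passed SYN for the same connection was seen earlier and how many seconds before. The sample lines are constructed copies of the post's four entries.

```python
import re
from datetime import datetime

# Constructed sample in the pfSense GUI filter-log layout quoted in the post:
# <action>-> <timestamp> <iface> "<rule (tracking id)>" <src:port> <dst:port> <proto>:<tcp flags>
SAMPLE_LOG = """\
Pass-> Aug 20 08:43:06 LAN "admin on MNG from LAN (1682498233)" 192.168.0.91:52348 192.168.32.102:445 TCP:S
Deny-> Aug 20 08:44:07 LAN "LAN other deny (1454778479)" 192.168.0.91:52348 192.168.32.102:445 TCP:PA
Pass-> Aug 20 09:49:48 LAN "admin on MNG from LAN (1682498233)" 192.168.0.91:53166 192.168.32.102:445 TCP:S
Deny-> Aug 20 09:49:47 LAN "LAN other deny (1454778479)" 192.168.0.91:53160 192.168.32.102:445 TCP:A
"""

LINE_RE = re.compile(
    r'^(?P<action>Pass|Block|Deny|Reject)->\s+'
    r'(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})\s+'
    r'(?P<iface>\S+)\s+'
    r'"(?P<rule>[^"]*)"\s+'
    r'(?P<src>[\d.]+):(?P<sport>\d+)\s+'
    r'(?P<dst>[\d.]+):(?P<dport>\d+)\s+'
    r'(?P<proto>[A-Z]+)(?::(?P<flags>[A-Z]+))?\s*$'
)


def parse_log(text):
    """Parse GUI-style filter log lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e['sport'] = int(e['sport'])
        e['dport'] = int(e['dport'])
        e['flags'] = e['flags'] or ''
        # The GUI log carries no year; strptime fills in 1900, which is fine for
        # differences between timestamps on the same day.
        e['time'] = datetime.strptime(e['ts'], '%b %d %H:%M:%S')
        entries.append(e)
    return entries


def flow_key(e):
    """Identify one TCP connection by its 5-tuple."""
    return (e['src'], e['sport'], e['dst'], e['dport'], e['proto'])


def find_out_of_state_denies(entries):
    """Flag TCP packets without SYN that hit a block/deny rule.

    A pass rule with keep state is consulted only for the SYN; later packets are
    matched against the state entry. A non-SYN packet that reaches a deny rule
    therefore had no state entry: it expired or was removed, or the packet took a
    path (or reached a firewall) where the state was never created.
    """
    syn_passed_at = {}   # flow 5-tuple -> time the SYN was passed
    findings = []
    for e in entries:
        if e['proto'] != 'TCP':
            continue
        key = flow_key(e)
        if e['action'] == 'Pass' and 'S' in e['flags'] and 'A' not in e['flags']:
            syn_passed_at[key] = e['time']
        elif e['action'] != 'Pass' and 'S' not in e['flags']:
            since = syn_passed_at.get(key)
            findings.append({
                'ts': e['ts'],
                'src': e['src'], 'sport': e['sport'],
                'dst': e['dst'], 'dport': e['dport'],
                'flags': e['flags'],
                'rule': e['rule'],
                'syn_passed': since is not None,
                'seconds_since_syn': int((e['time'] - since).total_seconds()) if since is not None else None,
            })
    return findings


if __name__ == '__main__':
    for f in find_out_of_state_denies(parse_log(SAMPLE_LOG)):
        hint = (f"{f['seconds_since_syn']}s after its SYN was passed"
                if f['syn_passed'] else "no passed SYN seen for this connection")
        print(f"{f['ts']} {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} "
              f"TCP:{f['flags']} denied by '{f['rule']}' ({hint})")
```

Run against the post's four lines, the first deny (port 52348, PSH/ACK) is reported 61 s after its SYN was passed, i.e. the state for that connection was gone a minute in; the second deny (port 53160) belongs to a different connection than the passed SYN on port 53166, so it is reported with no passed SYN seen at all. Both are mid-stream packets with no state, which is the thing to chase (state table, sync between the two nodes, or the path replies take) rather than rule ordering.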
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.