From 3247e5871c70dd69c28d6c1b6662ba063ff006d5 Mon Sep 17 00:00:00 2001 From: Gitea Actions Date: Wed, 22 Oct 2025 19:25:53 +0000 Subject: [PATCH] Auto-update blog content from Obsidian: 2025-10-22 19:25:53 --- content/post/13-opnsense-full-configuration.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/content/post/13-opnsense-full-configuration.md b/content/post/13-opnsense-full-configuration.md index b898fe4..273359d 100644 --- a/content/post/13-opnsense-full-configuration.md +++ b/content/post/13-opnsense-full-configuration.md @@ -157,7 +157,10 @@ From `Firewall` > `Rules` > `pfSync`, I create a new rule on each firewall: ### Configure HA -The high availability in OPNsense is done at two main layers. The first is the firewall state layer, the synchronization is permanent. The second layer is the configuration (XMLRPC Sync). This part is not automatically sync +The high availability in OPNsense is done at two main layers. The first layer is the firewall state, the synchronization is permanent. The second layer is the configuration (XMLRPC Sync). This part is not automatically synchronized and must be done only from the master to backup. + +The +#### Master Next, I head to `System` > `High Availability` > `Settings`: - **Master** (`cerbere-head1`): - **General Settings** @@ -169,7 +172,7 @@ Next, I head to `System` > `High Availability` > `Settings`: - **Remote System Password**: `` - **Services to synchronize (XMLRPC Sync)** - **Services**: Select All -- **Backup** (`cerbere-head2`): +#### Backup (`cerbere-head2`): - **Synchronize all states via**: *pfSync* - **Synchronize Peer IP**: `192.168.44.1`, the master node IP ⚠️ Do not fill the XMLRPC Sync fields on the backup node, only to be filled on the master.