Viewing Status on a Highly Available OPNsense Cluster Firewall
Two or more OPNsense firewalls can be configured as redundant firewalls with automatic fail-over. If one of the network interfaces fails on the primary firewall or the primary firewall goes offline entirely, the secondary becomes active.
To use the High Availability feature, you need Zenarmor Business Edition.
Viewing Zenarmor Status on HA
For an OPNsense cluster environment, the Zenarmor plugin should be installed on all cluster nodes separately.
By navigating to Zenarmor → Settings → High Availability in the OPNsense GUI, you can view the Zenarmor versions on the backup firewalls.
If you have an OPNsense cluster firewall, you can view the details of the Zenarmor versions and Zenarmor services status on the Backup firewall. You can also check whether the configuration and policies are synchronized with the secondary firewall or not.
Figure 1. HA page on a master firewall.
If you change the Zenarmor configuration and policies on the primary OPNsense, a warning message appears on the screen indicating that you are working on a cluster system and that the system configuration should be synchronized. You can initiate a synchronization by clicking the Sync button in the notification message.
Figure 2. Synchronization of Zenarmor Configuration and Policies with Backup Firewall
In the Engine Status pane, you can view the version and status of the following Backup Firewall services:
The Database pane provides detailed information about:
- Status of the Reporting Database of the Backup Firewall
- Application Database version of the Backup Firewall
- Reporting Database type of the Backup Firewall
In the Synchronize Firewall pane, you can view:
- the synchronization status of the Zenarmor Configuration
- the synchronization status of the Zenarmor Policies
- the last Update Time of the Zenarmor Configuration
- the last Update Time of the Zenarmor Policies
If Zenarmor is running on a standalone firewall rather than a cluster firewall, the "Backup FW IP not defined" message is displayed in this HA tab.
Figure 3. HA page on a standalone firewall.