Articles in this section

Viewing Status on a High Available OPNsense Cluster Firewall

SVN
  • Updated
Follow

Overview

Two or more OPNsense firewalls can be configured as redundant firewalls with automatic fail-over. If one of the network interfaces fails on the primary firewall or the primary firewall goes offline entirely, the secondary becomes active.

Viewing Sensei Status on HA

For an OPNsense cluster environment, the Sensei plugin should be installed on all cluster nodes separately.

By navigating to Sensei → Configuration → HA on OPNsense GUI, you can view the Sensei versions on the backup firewalls.

Figure 1: Status on a HA OPNsense Cluster Firewall

 

Sensei versions on the Backup FW” pane provides detailed information about:

  • Engine version

  • Application Database version

  • Rules Database version

  • Reporting Database version

 

If Sensei is running on a standalone firewall, not a cluster firewall, the “Backup FW IP not defined” message is displayed in this HA tab.

Figure 2: HA page on a standalone firewall.

If you have an OPNsense cluster firewall, you can view the details of the Sensei versions and Sensei services status on the Backup firewall. You can also check whether the configuration and policies are synchronized with the secondary firewall or not.

Figure 3: HA page on a cluster firewall.

If you change Sensei configuration and policies on the primary OPNsense, a warning message indicating that you are working on a cluster system and system configuration should be synchronized appears on the screen. You can initiate a synchronization by clicking the “Sync” button in the notification message.

In “Backup FW Sensei Services Status” pane, you can view the status of the following Backup Firewall services:

  • Sensei Engine and

  • Sensei Reporting Database.

In “Backup FW Sensei Services” pane, you can view

  • the synchronization status of the Sensei Configuration

  • the synchronization status of the Sensei Policies

  • last Update Time of the Sensei Configuration

  • last Update Time of the Sensei Policies

 Black Cloud with an up arrow icon in the Status means that Sensei Configuration/Policies is/are not synchronized with backup firewall. To synchronize them, click this button in the status column.

 

Checkmark icon means that in the Status means that Sensei Configuration/Policies is/are not synchronized with backup firewall.

 

Figure 4: Synchronization of Sensei Configuration and Policies with Backup Firewall

 

Figure 5: Sensei Configuration and Policies are synchronized with Backup Firewall

 
 
 
 

Related articles