How to access firewall settings#

Intended audience

sysadm staff members

The firewalls are 2 OPNsense VMs deployed on the PROXMOX cluster with an High Availability configuration.

They are sharing a virtual IP on each VLAN to act as the gateway. Only one of the 2 firewalls is owning all the GW ips at the same time. The owner is called the PRIMARY

Nominal Role

name (link to the inventory)

login page





Access to the gui of the secondary firewall#

The secondary firewall is not directly reachable for VPN user. As the OpenVPN service is also running when the firewall is a backup, the packets coming from the VPN are routed to the local VPN on the secondary and lost.

To access to GUI, a tunnel can be used:

ssh -L

Once the tunnel is created, the gui is accessible at https://localhost:8443 in any browser

Configuration backup#

The configuration is automatically committed on a git repository. Each firewall regularly pushes its configuration on a dedicated branch of the repository.

The configuration is visible on the System / Configuration / Backups page of each one.