How to access firewall settings
Intended audience
sysadm staff members
The firewalls are 2 OPNsense VMs deployed on the PROXMOX cluster in a High Availability configuration.
They share a virtual IP on each VLAN, which acts as the gateway. Only one of the 2
firewalls owns all the gateway IPs at any given time. The owner is called the PRIMARY.
| Nominal Role | name (link to the inventory) | login page |
|---|---|---|
| PRIMARY | | |
| BACKUP | | |
Access to the GUI of the secondary firewall
The secondary firewall is not directly reachable for VPN users. As the OpenVPN service is also running when the firewall is a backup, the packets coming from the VPN are routed to the local VPN on the secondary and lost.
To access the GUI, an SSH tunnel can be used:
ssh -L 8443:pushkin.internal.softwareheritage.org:443 pergamon.internal.softwareheritage.org
Once the tunnel is created, the GUI is accessible at https://localhost:8443 in any browser.
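A stricter way to open the same tunnel, as an added example that is not part of the original page: the forward is bound to the loopback address only, no remote shell is started, and ssh exits instead of staying connected if the local port cannot be forwarded. The function names, the `open` argument and the choice of options are this example's assumptions; the host names and ports are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original page): tunnel to the secondary
# firewall GUI with explicit, conservative ssh options.
JUMP_HOST="pergamon.internal.softwareheritage.org"   # from the page
FW_HOST="pushkin.internal.softwareheritage.org"      # from the page

# Print the ssh command for a loopback-only forward on local port $1.
# Rejects anything that is not an unprivileged numeric port.
tunnel_cmd() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be in 1024-65535: $port" >&2
        return 2
    fi
    # -N: forward only, no remote command or shell.
    # ExitOnForwardFailure: fail if the local port is already taken, so the
    #   browser never talks to some other service listening on that port.
    # 127.0.0.1 bind: the GUI is not exposed to the LAN even if GatewayPorts
    #   is enabled in the local ssh configuration.
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 127.0.0.1:%s:%s:443 %s\n' \
        "$port" "$FW_HOST" "$JUMP_HOST"
}

# Validate the port, show the command, then replace this shell with ssh.
open_tunnel() {
    cmd=$(tunnel_cmd "${1:-8443}") || return $?
    echo "running: $cmd" >&2
    # Word splitting is intended: the command contains no quoted arguments.
    exec $cmd
}

# Only connect when explicitly asked: ./tunnel.sh open [port]
if [ "${1:-}" = "open" ]; then
    open_tunnel "${2:-8443}"
fi
```

Stop the tunnel with Ctrl-C once the GUI session is finished, so the forwarded port does not stay open on the workstation.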
Configuration backup
The configuration is automatically committed to a git repository. Each firewall regularly pushes its configuration to a dedicated branch of the repository.
The configuration is visible on the System / Configuration / Backups page of each firewall.