How to access firewall settings

Intended audience

sysadm staff members

The firewalls are two OPNsense VMs deployed on the PROXMOX cluster in a High Availability configuration.

They share a virtual IP on each VLAN, which acts as the gateway. Only one of the two firewalls owns all the gateway IPs at any given time; that owner is called the PRIMARY.

| Nominal Role | name (link to the inventory) | login page |
|---|---|---|
| PRIMARY | pushkin | https://pushkin.internal.softwareheritage.org |
| BACKUP | glyptotek | https://glyptotek.internal.softwareheritage.org |

Access to the GUI of the secondary firewall

The secondary firewall is not directly reachable for VPN users. Because the OpenVPN service also runs while a firewall is in the backup role, packets coming from the VPN are routed to the local VPN on the secondary and are lost.

To access the GUI, an SSH tunnel can be used:

ssh -L 8443:pushkin.internal.softwareheritage.org:443 pergamon.internal.softwareheritage.org

Once the tunnel is created, the GUI is accessible at https://localhost:8443 in any browser.

Configuration backup

The configuration is automatically committed to a Git repository. Each firewall regularly pushes its configuration to a dedicated branch of the repository.

The configuration is visible on the System / Configuration / Backups page of each firewall.