Viewing Status on a High Available OPNsense Cluster Firewall

Two or more OPNsense firewalls can be configured as redundant firewalls with automatic fail-over. If one of the network interfaces fails on the primary firewall or the primary firewall goes offline entirely, the secondary becomes active.

Viewing Zenarmor (Sensei) Status on HA

For an OPNsense cluster environment, the Zenarmor plugin should be installed on all cluster nodes separately.

By navigating to Zenarmor → Configuration → HA on the OPNsense GUI, you can view the Zenarmor versions on the backup firewalls.

The Zenarmor versions on the Backup FW pane provides detailed information about:

  • Engine version

  • Application Database version

  • Rules Database version

  • Reporting Database version

If Zenarmor is running on a standalone firewall, not a cluster firewall, the Backup FW IP not defined message is displayed in this HA tab.

Figure 1. HA page on a standalone firewall.

If you have an OPNsense cluster firewall, you can view the details of the Zenarmor versions and Zenarmor services status on the Backup firewall. You can also check whether the configuration and policies are synchronized with the secondary firewall or not.

Figure 2. HA page on a cluster firewall.

If you change the Zenarmor configuration and policies on the primary OPNsense, a warning message appears on the screen indicating that you are working on a cluster system and that the system configuration should be synchronized. You can initiate a synchronization by clicking the Sync button in the notification message.

In the Backup FW Zenarmor Services Status pane, you can view the status of the following Backup Firewall services:

  • Zenarmor Engine and

  • Zenarmor Reporting Database.

In the Backup FW Zenarmor Services pane, you can view:

  • the synchronization status of the Zenarmor Configuration

  • the synchronization status of the Zenarmor Policies

  • last Update Time of the Zenarmor Configuration

  • last Update Time of the Zenarmor Policies

A black cloud with an up arrow icon in the Status column means that the Zenarmor Configuration/Policies is/are not synchronized with the backup firewall. To synchronize them, click this button in the Status column.

A checkmark icon in the Status column means that the Zenarmor Configuration/Policies is/are synchronized with the backup firewall.

Figure 3. Synchronization of Zenarmor Configuration and Policies with Backup Firewall

Figure 4. Zenarmor Configuration and Policies are synchronized with Backup Firewall