Hi Tom,
On 5/11/22 21:32, Tom Smyth wrote:
> We are updating some course material for an upcoming PF firewall course,
> and I would like to put a call out to those who use PFsync in a
> redundant firewall cluster
The one thing that immediately comes to mind is to NOT use a crossover
cable for the pfsync connection (even though that seems to be kind of
recommended in the pfsync(4) man page). Doing so will lead to a change
of the other firewall's carp demotion counter on its pfsync interface if
one peer is rebooted or shut down (and thus causing a link down event on
the cabled interface on the other side). It also gives you three chained
single points of failure at the same time (nic1, cable, nic2), which I
would rather avoid (do the math).
I do of course agree with the intention of the suggestion (only run
pfsync over a secure link). Since I am in the position where I only run
my PF firewalls in a trusted environment, where I also control the
switches (no shared cloud etc. infrastructure), I have found that
running pfsync over a dedicated VLAN interface on a pair of trunk(4)ed
NICs on 2 trusted switches sufficiently satisfies that requirement.
Best, Markus
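A configuration sketch of the setup Markus describes (pfsync carried over a dedicated VLAN on a trunk(4) pair spanning two trusted switches, rather than over a crossover cable), added here as an example and not part of the original thread. The physical NIC names (em0, em1), the failover trunk protocol, the VLAN id and the 192.0.2.0/24 addresses are assumptions; the option names are OpenBSD hostname.if(5), ifconfig(8) and pf.conf(5) syntax.

```conf
# /etc/hostname.trunk0 -- aggregate one NIC per trusted switch
# (em0/em1 and the failover protocol are assumptions for this example)
trunkproto failover trunkport em0 trunkport em1
up

# /etc/hostname.vlan10 -- dedicated sync VLAN riding on the trunk
# (VLAN id 10 and the 192.0.2.0/24 range are placeholders)
vnetid 10 parent trunk0
inet 192.0.2.1/24

# /etc/hostname.pfsync0 -- state sync uses the VLAN as its syncdev;
# a syncpeer pins the partner so updates are unicast instead of multicast
syncdev vlan10
syncpeer 192.0.2.2
up

# /etc/pf.conf (fragment) -- allow only pfsync on the sync VLAN, and keep
# the states created by the sync traffic itself out of the sync stream
sync_if = "vlan10"
block on $sync_if
pass quick on $sync_if proto pfsync keep state (no-sync)

# Checks after bringing the pair up:
#   ifconfig pfsync0   -> "syncdev: vlan10" and the configured syncpeer
#   ifconfig -g carp   -> "carp demote count 0" on a healthy node; a
#                         non-zero count after the peer reboots is the
#                         symptom the crossover-cable setup provokes
```

Because the VLAN sits on a trunk, losing one NIC, one cable or one switch leaves the syncdev up, so the surviving firewall's carp demotion counter is not bumped by a link-down event on its sync interface while the peer is rebooted.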