All,

I have a pair of OpenBSD 4.1 firewalls using pf with pfsync to provide state synchronisation.

To provide automatic routing around any network failures, OSPF is enabled to allow the firewalls to exchange routing information with the routers.

This has the effect that traffic might well pass through the cluster via firewall1 and the reply exit via firewall2. I expected pfsync to cause pf to be able to handle this but it does appear problematical in tests.

Does anyone have any comments? Is this setup supported or recommended? Is there any easy way to get some diagnostic info from a firewall's state table?

I have done some digging (OpenBSD pf FAQ, Google, etc.) but if anyone can point out any docs for me to RTFM then please do. I'm wearing my asbestos underwear ;)

yours,
Neil S.
