HIGH AVAILABILITY / HARDWARE FAILOVER

The Common Address Redundancy Protocol or CARP allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active.

Overview

OPNsense utilises the Common Address Redundancy Protocol or CARP for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. Utilising this powerful feature of OPNsense creates a fully redundant firewall with automatic and seamless fail-over. While switching to the backup network connections will stay active with minimal interruption for the users.

Automatic failover

If the primary firewall becomes unavailable, the secondary firewall will take over without user intervention.

Synchronised state tables

The firewall’s state table is replicated to all failover configured firewalls. This means the existing connections will be maintained in case of a failure, which is important to prevent network disruptions.

Configuration synchronisation

OPNsense includes configuration synchronisation capabilities. Configuration changes made on the primary system are automatically synchronised to the secondary firewall.