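I have now set up an HA environment. Everything works fine except for the configuration sync.
The sync interface is up, and state synchronization is set up on both firewalls. The CARP VIPs are working and state synchronization is successful too. I can ping from one firewall to the other over the Sync-Net and vice versa.
Firewall rule on the Sync tab: allow any
Both FWs are on HTTPS port 444
Both FWs are on version 2.7.2-RELEASE
Both FWs have exactly the same interfaces
Primary PF: 172.22.1.2
Secondary PF: 172.22.1.3
Syslog on the primary PF: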
Nov 16 15:54:22 kernel carp: demoted by 0 to 0 (pfsync bulk fail)
Nov 16 15:54:01 php-fpm 44568 /rc.filter_synchronize: The pfSense software configuration version of the other member could not be determined. Skipping synchronization to avoid causing a problem!
Nov 16 15:54:01 php-fpm 44568 /rc.filter_synchronize: XMLRPC versioncheck: -- 23.3
Nov 16 15:54:01 php-fpm 44568 /rc.filter_synchronize: New alert found: A communications error occurred while attempting to call XMLRPC method host_firmware_version: Unable to connect to tls://172.22.1.3:444. Error: Operation timed out
Nov 16 15:54:01 php-fpm 44568 /rc.filter_synchronize: A communications error occurred while attempting to call XMLRPC method host_firmware_version: Unable to connect to tls://172.22.1.3:444. Error: Operation timed out
Nov 16 15:53:51 php-fpm 44568 /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.22.1.3:444/xmlrpc.php.
Syslog on the secondary:
Nov 16 15:49:33 kernel carp: demoted by 0 to 0 (pfsync bulk fail)
Nov 16 15:48:29 php-fpm 46926 /system_hasync.php: Configuring CARP settings finalize...
Nov 16 15:48:29 php-fpm 46926 /system_hasync.php: pfsync done in 1 seconds.
Nov 16 15:48:28 kernel carp: demoted by 0 to 0 (pfsync bulk start)
Nov 16 15:48:28 php-fpm 46926 /system_hasync.php: waiting for pfsync...
Nov 16 15:48:28 check_reload_status 428 Syncing firewall
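I read that I have to disable the DNS resolver: same problem. If I uncheck all the sync boxes and try to sync only, for example, "Firewall rules": same problem.
Any ideas?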