Product ManualXG-7100-1U
Fig. 11: XMLRPC Sync Failure Firewall Log Entry
Check the Admin User
Visit System > User Manager and ensure that the admin user is enabled on both systems and that the admin password
is the same on both systems. Visit System > High Avail Sync and double check that the admin username has been
entered and that the correct password is present.
Verify Connectivity
Check Status > Interfaces and ensure the Sync interface shows a link on both units. If there is no link, ensure a cable
is connected between the two units. The ports on the SG-4860 are Auto-MDIX so either a straight-through patch or
a crossover cable will work. If a short cable is in use, try a longer cable (minimum 3ft/1m). If a link can still not be
achieved, try using a small switch or VLAN between the two nodes.
Add a firewall rule to the Sync interface to allow ICMP echo requests and then attempt to ping from one firewall to the
other to ensure they can reach each other at layer 3. If they cannot, double check the interface IP address and subnet
mask settings, along with the cabling.
2.5.4 Troubleshooting pfsync
If the pfsync nodes do not line up under Status > CARP, that can indicate that the states have not been synchronized.
Check Firewall Rules
Check the firewall log at Status > System Logs, Firewall tab on both nodes. If any pfsync protocol traffic is present,
the firewall rules on the Sync interface are probably incorrect.
Look at Firewall > Rules on the Sync interface tab. Make sure that the rules will pass pfsync protocol traffic, or traffic
of any protocol, to any destination. Adjust the rules accordingly and check the logs and CARP status again to see if it
starts working.
Verify Connectivity
See Verify Connectivity above to check the connection between the nodes.
Check Interfaces
If the states appear to sync but failover is still not seamless, check Interfaces > (Assign) and make sure the interfaces
all line up physically as well as by name. In pfSense 2.2 and later, the states are bound to the interface so if, for
example, the LAN interface is igb0 on one unit but igb3 on the other, then the states will not line up. Fix the interfaces
so they are identical on both units.
2.5. Troubleshooting High Availability 63
To Next Page
Loading...
