Deciso's OPNsense Tour
Light Bulbs Active Passive

High Availability & Hardware Failover

The Common Address Redundancy Protocol or CARP allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active.

Automatic failover

If the primary firewall becomes unavailable, the secondary firewall will take over without user intervention.

Synchronized state tables

The firewall’s state table is replicated to all failover configured firewalls. This means the existing connections will be maintained in case of a failure, which is important to prevent network disruptions.

Configuration synchronization

OPNsense includes configuration synchronization capabilities. Configuration changes made on the primary system are  automatically synchronized to the secondary firewall.


Screenshot OPNsense High Availability

Your Next Firewall is Open Source !

OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform.

OPNsense is licensed under an Open Source Initiative approved license. OPNsense is and will be available with the simple 2-clause BSD license.