Configuring VYOS for HA and port forwarding

Remember, configure, commit, save!!!

Set Interface IP's

set interfaces ehternet ethx address x.x.x.x

Hostname-

set system host-name (name)

DNS-

set system name-server x.x.x.x

Gateway-

set system gateway-address x.x.x.x

Nat for LAN --> WAN

set nat source rule xxx source address x.x.x.x/xx

set nat source rule xxx translation address masquerade

set nat source rule xxx outbound-interface ethx

Port forwarding-

set nat destination rule xxx description "Port forward to lan address"

set nat destination rule xxx destination port xxxx

set nat destination rule xxx protocol (tcp/udp)

set nat destination rule xxx inbound-interface ethx

set nat destination rule xxx translation address x.x.x.x

Use command show nat rule xxx to verify nat rule!

High Availability VRRP and Sync-Group

set interfaces ethernet ethx vrrp vrrp-group xxx preempt true

set interfaces ethernet ethx vrrp vrrp-group xxx priority xxx (set between 0 and 250 with primary FW at higher number)

set interfaces ethernet ethx vrrp vrrp-group xxx virtual-address x.x.x.x/xx

set interfaces ethernet eth0 vrrp vrrp-group xxx sync-group (syncname)

Note on sync group- Create a different one for each cluster of interfaces (i.e. all WAN interfaces together)

To check the status of HA, use - run show vrrp

Remember, these action needs to be performed on every firewall, and HA must be configured on each interface Each group gets a different number! (WAN seperate from LAN). Sync group applies to all groups regardless of location!