UniFi problems routing WAN via VLAN to two OPNsenses

Hi,

I have to route the WAN from my ISP (Vodafone) to two OPNsense firewalls via VLAN. I have static IPs from my ISP; HA (CARP) is not configured on the WAN ports of the firewalls at the moment. HA is successfully implemented on several other ports and VLANs of the two firewalls and runs without an issue.

As soon as I plug both firewalls into the UniFi switch together, I get a broadcast storm which takes down my complete network.

If only one of the firewalls is plugged into the VLAN WAN port, it works as expected. One firewall and another device (laptop) also works as expected. If I activate port isolation for the WAN VLAN ports on the UniFi switch (so no CARP/HA is possible), it works as expected. Other VLAN networks (same firewalls, same switch) work without an issue (CARP/HA is activated in the other VLANs).

Any hints or settings I should try to get both firewalls up and running in HA together?

I am not as familiar with OPNsense, so not sure what would cause that.

Hi Tom,

I don’t think OPNsense is causing the problems in the end. Other LANs and VLANs are running in an HA setup on both firewalls without an issue. I also changed the physical ports of the firewalls, so it isn’t a hardware failure. Strangely enough, when the problem occurs, the switch that is connected to both firewalls doesn’t fail first. The first switch that fails is an aggregation switch between the switch with the ISP port and the switch of the firewalls, so I think the packet flood is coming from the other side of the network. (Btw, this switch fails first every time; the next failures occur at random across the network …)

I hope to find the right UniFi VLAN/port settings to solve the problem. At the moment I’m experimenting with “Storm Control”. All other features/settings are deactivated at the moment.
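The "Storm Control" feature mentioned above is a per-port rate limit on broadcast (and optionally multicast/unknown-unicast) frames. The following added example, which is not from the thread or from Ubiquiti or OPNsense, models that check offline so a reader can see what the switch is measuring: it takes periodic samples of a port's cumulative broadcast counter, computes frames per second between samples, and flags any port whose peak rate passes a threshold. The port names, timestamps and counter values are constructed, and the behaviour on counter wrap or reset (skip that interval) is an assumption of this script rather than documented UniFi behaviour.

```python
"""Broadcast-storm detector over sampled interface counters.

Added example (not from the forum thread above): models what a switch's
"Storm Control" feature does, i.e. watch the rate of broadcast frames per
port and flag a port once it exceeds a threshold. Sample data is constructed,
not captured from the poster's network.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CounterSample:
    port: str
    t_seconds: float   # monotonic timestamp of the sample
    rx_broadcast: int  # cumulative broadcast frames received on the port


def broadcast_pps(prev: CounterSample, cur: CounterSample) -> float:
    """Broadcast frames per second between two samples of the same port."""
    if prev.port != cur.port:
        raise ValueError("samples must be from the same port")
    dt = cur.t_seconds - prev.t_seconds
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    delta = cur.rx_broadcast - prev.rx_broadcast
    if delta < 0:
        # Counter wrapped or was reset (e.g. switch reboot); assumption:
        # treat the interval as unknown rather than as a huge rate.
        raise ValueError("counter went backwards; wrap or reset")
    return delta / dt


def storming_ports(samples, threshold_pps: float) -> dict:
    """Return {port: peak_pps} for ports whose broadcast rate exceeded the
    threshold in any sampling interval. Samples may arrive in any order."""
    by_port = {}
    for s in samples:
        by_port.setdefault(s.port, []).append(s)
    result = {}
    for port, ss in by_port.items():
        ss.sort(key=lambda s: s.t_seconds)
        peak = 0.0
        for prev, cur in zip(ss, ss[1:]):
            try:
                rate = broadcast_pps(prev, cur)
            except ValueError:
                continue  # skip wrapped/reset intervals
            peak = max(peak, rate)
        if peak > threshold_pps:
            result[port] = peak
    return result


# Constructed samples (hypothetical numbers): port7 and port8 stand for the two
# firewall WAN-VLAN ports on a looped segment, port1 is an ordinary access port.
SAMPLES = [
    CounterSample("port7", 0.0, 1_000), CounterSample("port7", 1.0, 1_200),
    CounterSample("port7", 2.0, 61_200), CounterSample("port7", 3.0, 181_200),
    CounterSample("port8", 0.0, 500), CounterSample("port8", 1.0, 700),
    CounterSample("port8", 2.0, 60_700), CounterSample("port8", 3.0, 180_700),
    CounterSample("port1", 0.0, 10), CounterSample("port1", 1.0, 15),
    CounterSample("port1", 2.0, 20), CounterSample("port1", 3.0, 25),
]

if __name__ == "__main__":
    for port, pps in storming_ports(SAMPLES, threshold_pps=10_000).items():
        print(f"{port}: peak {pps:.0f} broadcast frames/s, above threshold")
```

The point of the per-interval rate, rather than a single delta over the whole window, is that a storm ramps up within a second or two, so the first interval that crosses the threshold is the one that should trigger the port's rate limiter or shutdown. Legitimate CARP advertisements are a handful of multicast frames per second per interface, so a threshold in the thousands of frames per second leaves HA traffic untouched while still catching a loop.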