Redundancy on VyOS firewall

Hello everyone,
I’m running VyOS as a vFirewall in our environment. It’s installed in vCenter (located in the datacenter) as a VM, and everything is connected to this VyOS firewall (6 interfaces). We have just this one firewall, and if I want to change something on it and I lose my access to the firewall, I lose access to our whole network and need to ask the datacenter to restore it to the last backup again!

So do you have any idea how to solve this problem? Do you think I can set up a new firewall as a second firewall and set up redundancy between them, or anything else?


What exactly do you do?
Which firewall rules? Can you describe your steps with the configuration?

This isn’t a VyOS problem at all. This is a network management/planning problem.

You need an out-of-band management network. That might be something as simple as a small Raspberry Pi with a USB serial adapter in it that you can connect to in order to manage the VyOS console if you do something that breaks networking.

If you’re in an environment (i.e. buying virtual machines) where you can’t physically add hardware, at least try to add another VM you can access that can talk to the serial port of the VyOS router, giving you the same result.

Or, as a really last resort, just create a /30 between the VyOS router and the “recovery host” and make sure you never disable that interface or break SSH; then you should always be able to SSH from your recovery host over that interface to the VyOS box.

As @Viacheslav has mentioned though, it’s hard to provide concrete advice without knowing what you’re trying to achieve. Proper redundancy is usually done with multiple routers running a routing protocol, in combination with say VRRP or some other sort of “shared state” protocol.

Not really an answer, hopefully more of a guide!
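The “recovery /30” idea from the reply above, written out as a VyOS configuration fragment. This is an added example, not configuration from the thread’s author or from the VyOS project. It assumes VyOS 1.4 CLI syntax, that a spare interface `eth5` is reserved for the recovery link, and uses the constructed addresses `10.255.255.1/30` (firewall) and `10.255.255.2` (recovery host); the firewall rule is only needed if an input filter is already in place on the box.

```vyos
# Added example: dedicated recovery link and an SSH listener pinned to it.
# Assumed interface name (eth5) and addresses are placeholders; adjust to your environment.
configure

# Point-to-point /30 to the recovery host, on an interface nothing else uses.
set interfaces ethernet eth5 description 'OOB recovery link - do not disable'
set interfaces ethernet eth5 address '10.255.255.1/30'

# Keep SSH reachable on the recovery address regardless of what happens
# to the other five interfaces.
set service ssh port '22'
set service ssh listen-address '10.255.255.1'

# Only required if an input (router-local) filter with a drop default exists:
# accept SSH from the recovery host arriving on the recovery interface.
set firewall ipv4 input filter rule 10 description 'SSH from recovery host'
set firewall ipv4 input filter rule 10 action 'accept'
set firewall ipv4 input filter rule 10 inbound-interface name 'eth5'
set firewall ipv4 input filter rule 10 protocol 'tcp'
set firewall ipv4 input filter rule 10 destination port '22'
set firewall ipv4 input filter rule 10 source address '10.255.255.2'

commit
save
exit
```

On the recovery host side, give its interface `10.255.255.2/30` on the same virtual network and nothing else; treat that VM as the only box allowed to reach the recovery address. Before any risky change, verify from the recovery host that `ssh vyos@10.255.255.1` still works, and keep any rule set that references `eth5` out of the change. VyOS also offers `commit-confirm <minutes>`, which reverts an unconfirmed commit automatically; it is not mentioned in the thread, but it pairs well with the recovery link for the “I changed something and lost access” case.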