HA Sync not working on new SG-1100

askewdread

We have setup the HA Sync with our new appliances, and we are getting the following error on the slave with nothing being sync'd, i have checked and theres no updates currently

PHP Errors:
[09-Mar-2023 21:55:39 Pacific/Auckland] PHP Fatal error:  Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/xmlrpc.php:399
Stack trace:
#0 /usr/local/share/pear/XML/RPC2/Server/CallHandler/Instance.php(141): pfsense_xmlrpc_server->restore_config_section(Array, 900)
#1 /usr/local/share/pear/XML/RPC2/Backend/Php/Server.php(135): XML_RPC2_Server_Callhandler_Instance->__call('pfsense.restore...', Array)
#2 /usr/local/share/pear/XML/RPC2/Backend/Php/Server.php(99): XML_RPC2_Backend_Php_Server->getResponse()
#3 /usr/local/www/xmlrpc.php(988): XML_RPC2_Backend_Php_Server->handleCall()
#4 {main}
  thrown in /usr/local/www/xmlrpc.php on line 399

rcoleman-netgate

I wouldn't personally run HA on the 1100 but it looks like you're running into this:

https://redmine.pfsense.org/issues/14034

stephenw10

Yup, you should be able to apply the fix for that via the System Patches package.

But I would also reconsider running 1100s in HA. At least understand the limitations doing so will impose.

Steve

askewdread

@stephenw10 thanks for that, it did fix it once i added the virtual ips

what sort of limitations would you see with the 1100? i wanted to get the next versions up but didnt have enough money to do those ones

im hitting some memory issues where php-fpm is taking up almost all the memory which i was going to post about

stephenw10

The biggest limitation here is that the ports on the 1100 are all switched. That means that the pfSense will not see any single port lose link and demote itself to cause a failover.
It will still failover as expected if the Primary stops responding entirely or loses power etc.

The same as is show here for the 7100: https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/switch-overview.html#high-availability

rcoleman-netgate

@askewdread said in HA Sync not working on new SG-1100:

i wanted to get the next versions up but didnt have enough money to do those ones

You'd actually have to go up 2 systems to the 4100 to avoid the switching limitation -- the 2100 has the same switch but only on the 4 LAN ports.

The 3100 (which we discontinued sale of more than a year ago) had 3 dedicated interfaces the last of which was shared on a switch (LAN1-4). The 7100, as @stephenw10 pointed out, has one as well in a different layout.

The rest of our models (4100, 5100[end of sale], 6100, 8200, 1537, 1541) all have dedicated interfaces across all ports -- any naming on them via silkscreening is simply cosmetic.

askewdread

@stephenw10 ok cool thanks for that, they all go into the same switch anyway so single port loosing connection isnt too major at the moment, its more just in case one device goes down which it sounds like it will work with

will keep that in mind for future upgrades though