Netgate Discussion Forum

    HA #1 sends and applies conf changes on #2 before being confirmed on #1?

    • techstone

      Hi,

      I'm preparing a new pfSense 2.4.3 HA pair to replace a standalone 2.4.3. All are running on Netgate XG-1541.

      It appears that when I make an arbitrary configuration change on the PRIMARY (such as adding a firewall rule or adding a new CARP VIP – those are the two I tested so far) and SAVE it in the GUI, the changes are instantly applied on the SECONDARY box. However, they are only applied on the PRIMARY box when I click the actual APPLY button in the GUI. I've confirmed this by comparing the output of 'pfctl -s r' and 'ifconfig' on the primary and secondary boxes when saving and when applying.

      This seems counterintuitive to me. I would expect the primary to send changes to the secondary only when the APPLY button is pushed. Is this normal sense behavior? Or a bug? Or just something I'm missing?

      Thanks!
      -Martin

      • Derelict LAYER 8 Netgate

        All in all what does it matter since the secondary is not passing any traffic?

        The other option would be to require you to go to the secondary and apply every change separately.

        Saving makes the configuration change, which is synced and automatically applied. Applying on the primary reloads the filter (or does whatever action is required). That action is not a configuration change so it is not synced.

        I would call that normal and expected behavior.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • Grimson Banned

          The APPLY button only reloads the affected filters/services; it's not a way of queueing config changes. The actual config has already been changed when you hit the SAVE button, and is of course being synced.

          • techstone

            @Derelict:

            All in all what does it matter since the secondary is not passing any traffic?

            I see your point, Derelict. :)

            Thanks,
            -Martin
