Sync from secondary to primary when secondary becomes master

  • How can I sync from secondary to primary, once the secondary becomes the master? Assuming that this is not possible, is there any reason for that, other than a GUI limitation?

    I think that the master should be the replication source, no matter which firewall becomes the master.

  • You can't. That would end up being a mess of possibilities for overwriting config changes inadvertently. The one with current master status has no relevance, the primary is where you make config changes.

  • Sure, but what if the primary (now a backup) is not reachable through any interfaces, and you must make changes to the firewall (secondary, now acting as master) right away? What do you do? Write down every config change, then execute them in the primary as soon as it comes back online?

    There might be an even worse scenario: what if I don't even realize that I'm making changes to the secondary? Don't people usually complain about this potential issue? I'm not sure whether this is not very common, or if there's an alternative which I'm not aware of.

    Please, don't get me wrong, I don't mean to offend (plus, English is not my native language), that's just out of curiosity, but I was told that Cisco ASA works as I thought pfSense should: whoever's the master becomes the config replication source. Is it really that complex to implement such a feature?

    Maybe I'm just looking at things from the wrong point of view, but I'm afraid people will frown at this if config replication might become an issue. So I was looking for a solution.

    Thanks for your time and patience anyway.
