Netgate Discussion Forum
    Sync from secondary to primary when secondary becomes master

    HA/CARP/VIPs
      reinaldo.gomes

      How can I sync from secondary to primary, once the secondary becomes the master? Assuming that this is not possible, is there any reason for that, other than a GUI limitation?

      I think that the master should be the replication source, no matter which firewall becomes the master.

        cmb

        You can't. That would end up being a mess of possibilities for overwriting config changes inadvertently. The one with current master status has no relevance; the primary is where you make config changes.

          reinaldo.gomes

          Sure, but what if the primary (now a backup) is not reachable through any interfaces, and you must make changes to the firewall (secondary, now acting as master) right away? What do you do? Write down every config change, then execute them in the primary as soon as it comes back online?

          There might be an even worse scenario: what if I don't even realize that I'm making changes to the secondary? Don't people usually complain about this potential issue? I'm not sure whether this is not very common, or if there's an alternative which I'm not aware of.

          Please, don't get me wrong, I don't mean to offend (plus, English is not my native language), that's just out of curiosity, but I was told that Cisco ASA works as I thought pfSense should: whoever's the master, becomes the config replication source. Is it really that complex to implement such a feature?

          Maybe I'm just looking at things from the wrong point of view, but I'm afraid people will frown at this if config replication might become an issue. So I was looking for a solution.

          Thanks for your time and patience anyway.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.