CARP and High Availability Sync



  • I am running two pfSense routers in a failover setup. During the installation process of my secondary router last week, I tested to make sure that the failover worked by turning off my primary and seeing if the secondary became the master. It did and internet was working just fine.

    Something that I have noticed this week, however, is that the two routers are not syncing to each other. I know this because there are some NAT rules on the primary router that are not on the secondary despite the High Availability Sync having the settings for NAT sync turned on. This is my first dance with failover routers. I have tried following the guides on the docs.pfsense.org site to set up CARP and High Availability Sync but something is still missing.

    I am using this guide to help me set things up: https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)

    Please let me know what I am doing wrong. I know that the IPs and passwords are correct as I have triple checked both. Thank you.








  • What foes it tell in the systemlogs?
    Does webgui of backup work properly?
    Or in the menu try: status/filterreload/force sync
    Or try to curl the webgui of the backupbox from the primary console?
    On backup the "Synchronize Config to IP" must be empty.


  • Netgate

    Can you ping the secondary's sync address from the primary?

    Firewall rules on the secondary allow webgui traffic?

    When you make changes on the primary are you getting alerts that the sync to the secondary had problems?

    Anything in the System log?