HA #1 sends and applies conf changes on #2 before being confirmed on #1?
-
Hi,
I'm preparing a new pfSense 2.4.3 HA pair to replace a standalone 2.4.3. All are running on Netgate XG-1541.
It appears that when I make an arbitrary configuration change on the PRIMARY (such as adding a firewall rule or adding a new CARP VIP – those are the two I tested so far) and SAVE it in the GUI, the changes are instantly applied on the SECONDARY box. However, they are only applied on the PRIMARY box when I click the actual APPLY button in the GUI. I've confirmed this by comparing the output of 'pfctl -s r' and 'ifconfig' on the primary and secondary boxes when saving and when applying.
This seems counterintuitive to me. I would expect the primary to send changes to the secondary only when the APPLY button is pushed. Is this normal sense behavior? Or a bug? Or just something I'm missing?
Thanks!
-Martin -
All in all what does it matter since the secondary is not passing any traffic?
The other option would be to require you to go to the secondary and apply every change separately.
Saving makes the configuration change, which is synced and automatically applied. Applying on the primary reloads the filter (or does whatever action is required). That action is not a configuration change so it is not synced.
I would call that normal and expected behavior.
-
The APPLY button only reloads the affected filters/services, it's not a way of queueing config changes. The actual config has already been changed when you hit the SAVE button, and is of course being synced.
-
All in all what does it matter since the secondary is not passing any traffic?
I see your point Derelict. :)
Thanks,
-Martin