Rule problem in a cluster

cisco0613

Hello,
I have a cluster of two pfsense netgate xg1541. The master manages all traffic. HA is therefore set to both firewalls. When I create a rule from the master, it is duplicated on the second. However, after a few seconds I lose my internet connection. The Ping still works on the carp lan but it is impossible to go outside. This problem occurs only on the master. I am obliged to disable the master's carp mode to redirect traffic to the slave. The slave does not have this problem. It works normally. However, I reinstalled the master several times using a usb key and reimported its configuration but the problem persists. I don't have a problem displayed in the logs. Are you aware of this problem? Thank you for your help.
Regards.

cisco0613

The cluster version is 22.01.

Klaws

No clue. Did you check that "Synchronize Config to IP" in "Configuration Synchronization Settings (XMLRPC Sync)" is empty on the second firewall?

SteveITS

@cisco0613 If you have a lot of rules, and the outage is very temporary, there is a patch in the System Patches package for "Disable pf counter data preservation to temporarily work around latency when reloading large rulesets (Redmine #12827)."

However your description doesn't sound very temporary. When this happens does the Status/CARP page look correct on both routers as to the primary having all the Masters?

cisco0613

@klaws
Hello,
The "Synchronize Config to IP" field is empty on the slave pfsense. The configuration has been checked several times.

cisco0613

@steveits
Hello,
When I add the rule on the master, it is duplicated on the second pfsense. The master pfsense remains master in "status/CARP".
The second pfsense is in "Backup".
Yes the problem is not temporary, I have a total loss to the internet.
The master's wan interfaces are up and communicating with their gateway. But unable to access the internet.
The interfaces are in green on the dashboard.

Regards.