Netgate Discussion Forum

    CARP Not syncing correctly?

    HA/CARP/VIPs
    • JGiordano

      For some reason, any time I make changes to the Master, the slave isn't being updated correctly.

      EXAMPLE:
        If I add a new VIP on Master, it never syncs to Slave.

      If I add a new DNS entry for a domain override on Master, it will sync to Slave; however, if I delete that entry from Master, Slave does not update.

      I have all check boxes marked to SYNC everything from the master. Attached is a screenshot of the master and Slave CARP configuration.

      MASTER SYNC int : 1.1.1.1
      SLAVE SYNC int : 1.1.1.2
      MASTER LAN : 10.1.10.1
      SLAVE LAN : 10.1.10.2
      FLOATING LAN : 10.1.10.3

      Anyone have any clue what I'm doing wrong?

      Thanks!
      Router1.jpg
      Router2.jpg

      • Reiner030

        Hi,

        You have set up the real interfaces on both firewalls (with the same network mask) so that the CARP IP can be added in the known network onto the slave firewall, too?

        • cthomas

          You have configured FW1 to sync its states via the SYNC interface, using the LAN IP address of FW2. Leave this field blank on BOTH firewalls. Also, you'll need to make sure that you have a rule on SYNC that permits pfSync traffic from SYNC subnet to SYNC address.

          On any interface(s) with CARP, ensure that you specify a rule that says 'permit carp from LAN subnet to LAN address'.

          On your LAN, you may also want to add a 'permit tcp from LAN subnet to LAN address on port 519' to ensure that the DHCP Fail-over communications are permitted through.

          Other than that, it looks correct.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.