Rule and Configuration Synchronization not for CARP



  • Hi,
    I searched and hope this is a new topic.

    I have about a dozen firewalls running across our corporate network. When we make changes to rules or have new ports opened up for RDP access or whatnot, I have to either go to each one and make the same changes - or - overwrite every one and change the hostname.

    Is there a proper way to replicate configurations when not using an HA/redundancy setup?

    Thanks in advance.



  • If the configurations are the same you can use XMLRPC Sync from the System: High Availability Sync menu. It's just for syncing config and can also be used independent from CARP.
    Don't check "Synchronize States"!

    You may select which parts should be synced:

    • Synchronize Users and Groups

    • Synchronize Auth Servers

    • Synchronize Certificates

    • Synchronize rules

    • Synchronize Firewall Schedules

    • Synchronize aliases

    • Synchronize NAT

    • Synchronize IPsec

    • Synchronize OpenVPN

    • Synchronize DHCPD

    • Synchronize Wake on LAN

    • Synchronize Static Routes

    • Synchronize Load Balancer

    • Synchronize Virtual IPs

    • Synchronize traffic shaper(queues)

    • Synchronize traffic shaper(limiter)

    • Synchronize traffic shaper(layer7)

    • Synchronize DNS Forwarder / Resolver

    • Synchronize Captive Portal



  • OK, I'll give it a look.

    Thanks for your time.



  • That's not an answer for what you're looking to accomplish. Can only sync the entirety of that portion of the config (which almost certainly won't be identical across everything), and can only do so to one other host.

    Some have hacked up their own solutions to accomplish parts of that, specific to their general config management usage. We'll have a solution for centralized management in the future.

