On Wed, Jun 13, 2012 at 6:19 PM, Chris Buechler <[email protected]> wrote: > > You have to enable "synchronize states" on the secondary too or it > won't accept them. Firewall>VIPs, CARP settings tab.
Thanks for this tip. I thought perhaps my problem was that I was sharing an interface for this, and the boxes in question were woefully underpowered for my load.. So now I have installed some brand new dual-core Xeon boxes to work as the firewall with failover. I set up a dedicated interface (em3) for the sync and assigned the IP 10.11.12.2 and 10.11.12.3 to these on the two boxes. The config sync works great over this interface. The states are still seemingly not synced. Both systems do have "Synchronize state" checked, and both have the same interface selected, and all traffic is permitted on those interfaces at the firewall tab. Yet the backup system is showing state table size of 11 entries while the primary has at this moment over 27k states. Any more ideas on where to look? _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
