----- Original Message -----
From: "Chris L" <c...@viptalk.net>
To: "Raphaël RIGNIER" <r.rign...@leschartreux.net>
Sent: Friday, April 1, 2016 20:09:15
Subject: Re: [pfSense] Sync problem betweens 2 nodes

> On Apr 1, 2016, at 8:23 AM, Raphaël RIGNIER <r.rign...@leschartreux.net> wrote:
>
> Hi community.
> I'm trying to sync 2 SG-8860 nodes for high availability.
> Release 2.2.6-RELEASE
> I've read the doc on HA from portal.pfsense.org but I'm having an issue.
>
> Configuration sync from master to slave is almost working.
> But SYNC interface's Firewall rules are cleared on slave each sync attempt.
> If I add a temp allow all rule on slave's SYNC interface, as described in doc,
> it is cleared on the next sync event.
> Even if the allow rule is present on master.
>
> I haven't seen anything interesting in log files.
>
> Does someone have an idea ?
>
> Thank you.
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

Off-List:

Can you send me Status > Interfaces for both primary and secondary sync interfaces including the header bars?

Like this:

Secondary:

PFSYNC interface (opt2, igb5)
Status                   up
MAC address              00:08:a2:09:97:d6
IPv4 address             172.22.80.2
Subnet mask IPv4         255.255.255.248
IPv6 Link Local          fe80::208:a2ff:fe09:97d6
MTU                      1500
Media                    1000baseT <full-duplex>
In/out packets           8247857/1 (9.38 GB/40 bytes)
In/out packets (pass)    8247857/1 (9.38 GB/40 bytes)
In/out packets (block)   0/0 (0 bytes/0 bytes)
In/out errors            0/0
Collisions               0

--------------

Thank you !

In the doc it was written :

----
Interface Assignments
Interfaces must be assigned in the same order on all nodes exactly. If the interfaces are not aligned, configuration synchronization and other tasks will not behave correctly.
----

I followed your advice and redid the config on both nodes from scratch, with all physical interfaces assigned, even if not yet set.
Now HA and config sync are working great.

I'll have to take care with VLAN assignment order.

Unfortunately, some of my WANs are PPPoE. I'll have to avoid CARP VIP on those interfaces. But Reconnect would be sufficient.

R. RIGNIER
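
A check for the interface-assignment rule quoted from the doc above, as an added example that is not part of the original thread and not pfSense's own code: it compares the <interfaces> section of two config.xml backups and reports slots that differ between the nodes. The sample XML is constructed, and matching roles by interface description (and rules being keyed by internal name) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from the thread): the sync interface
# is opt2 on the primary but was assigned as opt1 on the secondary.
PRIMARY_XML = """<pfsense><interfaces>
  <wan><if>igb0</if><descr>WAN</descr></wan>
  <lan><if>igb1</if><descr>LAN</descr></lan>
  <opt1><if>igb2</if><descr>DMZ</descr></opt1>
  <opt2><if>igb5</if><descr>PFSYNC</descr></opt2>
</interfaces></pfsense>"""
SECONDARY_XML = """<pfsense><interfaces>
  <wan><if>igb0</if><descr>WAN</descr></wan>
  <lan><if>igb1</if><descr>LAN</descr></lan>
  <opt1><if>igb5</if><descr>PFSYNC</descr></opt1>
</interfaces></pfsense>"""


def assignments(config_xml):
    """Map internal name (wan, lan, optN) -> upper-cased description."""
    interfaces = ET.fromstring(config_xml).find("interfaces")
    if interfaces is None:
        raise ValueError("no <interfaces> section in config")
    return {n.tag: (n.findtext("descr") or n.tag).strip().upper() for n in interfaces}


def compare_assignments(primary_xml, secondary_xml):
    """Return one finding per slot or role that differs between the nodes."""
    pri, sec = assignments(primary_xml), assignments(secondary_xml)
    findings = []
    for slot in sorted(pri.keys() | sec.keys()):
        if slot not in sec:
            findings.append(f"{slot}: only on primary ({pri[slot]})")
        elif slot not in pri:
            findings.append(f"{slot}: only on secondary ({sec[slot]})")
        elif pri[slot] != sec[slot]:
            findings.append(f"{slot}: {pri[slot]} on primary, {sec[slot]} on secondary")
    # Same role under a different internal name. Assumption: synced rules refer
    # to the internal name, so they would apply to the wrong interface.
    sec_by_role = {role: slot for slot, role in sec.items()}
    for slot, role in sorted(pri.items()):
        other = sec_by_role.get(role)
        if other is not None and other != slot:
            findings.append(f"{role}: {slot} on primary, {other} on secondary")
    return findings


if __name__ == "__main__":
    for line in compare_assignments(PRIMARY_XML, SECONDARY_XML) or ["assignments match"]:
        print(line)
```

An empty result means every internal name carries the same description on both nodes.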