Hi,
I've just changed my pair of firewalls (master/backup) from
carp/pfsync to ospf/pfsync (both external/internal interfaces).
Primary has metric 1 and backup has metric 10 in interfaces in ospfd.conf.
I'm looking for success stories for the initial bulk transfer/sync of
states with pfsync when I reboot the primary firewall for maintenance.
I don't want it to go primary again until the initial sync finishes.
What do you guys do for that?
- Delayed ospfd start?
- copy states from the second firewall immediately after boot?
    ssh root@fw /sbin/pfctl -S /dev/stdout | /sbin/pfctl -L /dev/stdin
- tricks with ifstated?
Thanks for any input on this.
Giannis