If I had a VRRP setup with 2 routers, Router 1 with a lot of firewall and NAT rules and Router 2 with none, can VRRP make it so those rules can apply to traffic that passes through Router 2? This is a hard requirement for me to use VRRP for a backup WAN system.
It is possible, although quite hard, to synchronize the configuration of those 2 routers using some scripting (so you can configure only router 1 and the config of router 2 will be automatically updated), but it isn’t possible to keep the connection tracking state of router 2 synchronized with router 1 (so it could immediately take over when router 1 fails).
This means that on router failure you will lose most connections and they will usually have to be re-established by the client devices.
Conntrack synchronisation is now available in ROS v7.
How would I do this, along with rule synchronization?
Bump
@Cablenut9
I’m not sure what mrz means by that, but this is what you need:
https://github.com/svlsResearch/ha-mikrotik
I have done this for my lab, works perfectly.