master/slave setup

Dear,

Is it possible to have a master/slave setup with direct synchronisation of e.g. firewall rules between two RB2011L-RM’s? So every change on the first routerboard will be synced directly with the second routerboard?

Best regards,
Kris

Not easily.

OK not easily but is it possible?

You could write a script to do it, but that is a lot of scripting…

I see. So it isn’t possible in the same way as pfSense can do this?

CARP (failover) - CARP from OpenBSD allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. pfSense also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.

Not that I know of.

You could do something as simple as this, which would be run on the master router:

```
# slave router info
:local ip 192.168.88.2;
:local user admin;
:local pass password;

# export master filter rules (creates fwfilter.rsc)
/ip firewall filter export file=fwfilter

# create file that will clear rules (print file= creates fwfilter-clear.txt)
:if ([:len [/file find name="fwfilter-clear.txt"]] != 1) do={/file print file=fwfilter-clear;:delay 2s;}
/file set fwfilter-clear.txt contents="/ip firewall filter remove [find]";

# upload files to remote router as *.auto.rsc, so they will execute on upload
/tool fetch address=$ip src-path=fwfilter-clear.txt user=$user mode=ftp password=$pass dst-path=fwfilter-clear.auto.rsc port=21 upload=yes;
/tool fetch address=$ip src-path=fwfilter.rsc user=$user mode=ftp password=$pass dst-path=fwfilter.auto.rsc port=21 upload=yes;
```
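
A way to check that the slave really ended up with the master's rules after the two uploads above, as an added example that is not part of the original post. It assumes both routers' `/ip firewall filter export` output has already been retrieved as text; the function names and sample exports are hypothetical and constructed for illustration.

```python
import re
from collections import Counter

def parse_rules(export_text):
    """Ordered rule lines from a RouterOS '/ip firewall filter export'."""
    # Exports wrap long lines with a trailing backslash and indentation.
    joined = re.sub(r"\\\r?\n[ \t]*", "", export_text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        # Skip the timestamp header comments and the menu path line.
        if line and not line.startswith(("#", "/")):
            rules.append(line)
    return rules

def compare(master_text, slave_text):
    master, slave = parse_rules(master_text), parse_rules(slave_text)
    missing = list((Counter(master) - Counter(slave)).elements())
    extra = list((Counter(slave) - Counter(master)).elements())
    return {
        "in_sync": master == slave,
        "missing_on_slave": missing,
        "extra_on_slave": extra,
        # Filter rules are evaluated top-down, so order is part of the policy.
        "order_differs": not missing and not extra and master != slave,
    }

# Constructed sample exports (not taken from a real router).
MASTER = r"""# jan/02/1970 00:10:11 by RouterOS 6.7
/ip firewall filter
add action=accept chain=input comment="established and related" \
    connection-state=established
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface=ether1-gateway
"""
# Same rules, later timestamp, first rule not wrapped.
SLAVE_SYNCED = r"""# jan/02/1970 00:12:40 by RouterOS 6.7
/ip firewall filter
add action=accept chain=input comment="established and related" connection-state=established
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface=ether1-gateway
"""
# Clear script ran, rules upload did not: the slave is left with no filter.
SLAVE_CLEARED = "# jan/02/1970 00:12:40 by RouterOS 6.7\n/ip firewall filter\n"

if __name__ == "__main__":
    for name, text in (("synced", SLAVE_SYNCED), ("cleared", SLAVE_CLEARED)):
        print(name, compare(MASTER, text))
```

The `SLAVE_CLEARED` case is the one to alert on: the clear file executed on upload but the rules file never arrived, so the slave is running with an empty filter table.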