Hi
I have an RB1000 and RB450G as a hotstandby.
The RB450G has an IP Address in the range allocated which is different to the RB1000. Should the RB1000 fail then the RB450G can take over with the change of a couple IP’s. I need to replicate the firewall rules from the 1000 to 450 when ever rules are changed. I will be happy even with a manual export/import. I tried searching the forum/Google for this and never found anything useful. We currently have ver 4.3 on the live units. I know there are newer builds than 4.3, but I can’t have a firmware upgrade maintenance for a few weeks.
Thanks
Graeme
The command you need is /ip firewall export
this will give you a complete print out of your rules, but if there are IP addresses that relate to your LAN then this may need to be changed to take note of the difference in IPs
Thanks, I worked out the export. both units have 4.3 on, when importing the rules on RB450G, it tells me the rule is ambiguous, I seemed to iscolate it my established/related rules.
Do they have any reference to MAC addresses or ports which can’t be crossed over?
This is the extract from the export
add action=accept chain=input comment=“” connection-state=established
connection-type=“” disabled=no
add action=accept chain=input comment=“” connection-state=related
connection-type=“” disabled=no