Community discussions

MikroTik App
 
Cablenut9
Long time Member
Long time Member
Topic Author
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Keep using firewall rules with VRRP

Tue Mar 30, 2021 9:50 pm

If I had a VRRP setup with 2 routers, Router 1 with a lot of firewall and NAT rules and Router 2 with none, can VRRP make it so those rules can apply to traffic that passes through Router 2? This is a hard requirement for me to use VRRP for a backup WAN system.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10194
Joined: Mon Jun 08, 2015 12:09 pm

Re: Keep using firewall rules with VRRP

Tue Mar 30, 2021 11:31 pm

It is possible, although quite hard, to synchronize the configuration of those 2 routers using some scripting (so you can configure only router 1 and the config of router 2 will be automatically updated), but it isn't possible to keep the connection tracking state of router 2 synchronized with router 1 (so it could immediately take over when router 1 fails).
This means that on router failure you will lose most connections and they will usually have to be re-established by the client devices.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7041
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Keep using firewall rules with VRRP

Tue Mar 30, 2021 11:38 pm

Conntrack synchronisation is now available in ROS v7.
 
Cablenut9
Long time Member
Long time Member
Topic Author
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: Keep using firewall rules with VRRP

Wed Mar 31, 2021 2:23 am

Conntrack synchronisation is now available in ROS v7.
How would I do this, along with rule synchronization?
 
Cablenut9
Long time Member
Long time Member
Topic Author
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: Keep using firewall rules with VRRP

Wed Mar 31, 2021 11:32 pm

Bump
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: Keep using firewall rules with VRRP

Thu Apr 01, 2021 6:53 am

@Cablenut9



I'm not sure what mrz means by that,but
this is what you need:
https://github.com/svlsResearch/ha-mikrotik

i have done for my lab, works perfectly

Who is online

Users browsing this forum: accarda, onnyloh and 16 guests