Community discussions

MUM Europe 2020
 
gwalker
just joined
Topic Author
Posts: 12
Joined: Wed Jun 02, 2010 4:53 pm

Standby/Replicate config

Wed Jun 02, 2010 5:01 pm

Hi

I have an RB1000 and RB450G as a hotstandby.
The RB450G has an IP Address in the range allocated which is different to the RB1000. Should the RB1000 fail then the RB450G can take over with the change of a couple IP's. I need to replicate the firewall rules from the 1000 to 450 when ever rules are changed. I will be happy even with a manual export/import. I tried searching the forum/Google for this and never found anything useful. We currently have ver 4.3 on the live units. I know there are newer builds than 4.3, but I can't have a firmware upgrade maintenance for a few weeks.

Thanks
Graeme
 
bigguns
Member Candidate
Member Candidate
Posts: 238
Joined: Thu Apr 01, 2010 9:03 am

Re: Standby/Replicate config

Thu Jun 03, 2010 7:54 am

The command you need is /ip firewall export
this will give you a complete print out of your rules, but if there are IP addresses that relate to your LAN then this may need to be changed to take note of the difference in IPs
 
gwalker
just joined
Topic Author
Posts: 12
Joined: Wed Jun 02, 2010 4:53 pm

Re: Standby/Replicate config

Thu Jun 03, 2010 8:17 am

Thanks, I worked out the export. both units have 4.3 on, when importing the rules on RB450G, it tells me the rule is ambiguous, I seemed to iscolate it my established/related rules.
 
bigguns
Member Candidate
Member Candidate
Posts: 238
Joined: Thu Apr 01, 2010 9:03 am

Re: Standby/Replicate config

Thu Jun 03, 2010 9:12 am

Do they have any reference to MAC addresses or ports which can't be crossed over?
 
gwalker
just joined
Topic Author
Posts: 12
Joined: Wed Jun 02, 2010 4:53 pm

Re: Standby/Replicate config

Thu Jun 03, 2010 10:04 am

This is the extract from the export

add action=accept chain=input comment="" connection-state=established \
connection-type="" disabled=no
add action=accept chain=input comment="" connection-state=related \
connection-type="" disabled=no

Who is online

Users browsing this forum: No registered users and 63 guests