Project

General

Profile

Feature #8474

Easier Conversion to HA Pair from Existing Non-HA Firewall

Added by Dennis Chow over 1 year ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
High Availability
Target version:
Start date:
04/19/2018
Due date:
% Done:

0%

Estimated time:

Description

Requesting perhaps a guided wizard built-in to convert an existing well established pfsense 2.4.x configuration (such as existing suricata, dhcp, port forwards, etc.) to migrate to an HA pair with an equivalent hardware profile and same installed version. It could be as simple as exporting a config file and cached packages that can be loaded to the secondary pfsense box for a ready-made primary/slave configuration through USB or some other bootstrap means while 'off' the network. While the existing content and documentation from NetGate and varying youtube walkthroughs are sufficient for brand new configurations; it seems somewhat more significantly more complex to convert an existing setup to HA. When considering other solutions such as a WatchGuard XTM, Palo Alto, or Sonicwall series; you can dedicate a single sync port and then while and select another node (with its own WAN and seperate LAN IP) to begin immediate syncing as an active/stand by configuration. While this may not alleviate the best practice for having up to 3 WAN IP's including the CARP VIP; it seems rather tedious to go HA if not on a fresh install even with 2.4.x

Also available in: Atom PDF