On 5/31/2012 5:41 PM, Damien Fleuriot wrote:
Furthermore, when upgrading the CARP Master firewall, we need to plan with the Project Manager a failover to the CARP Backup firewall. Yes, I know about pfsync, yes, we use it, no, it doesn't *instantly* sync sessions for PF.
A bit offtopic on this thread, but isn't pfsync designed to do just that? instantly?
With instantly I really mean: Communicate every change to the stable table to the other firewall in order to let the stateful connections survive a firewall failover. Obviously, some packets will be lost, but TCP connections should survive, right? I am not arguing, I ask. Nikos _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
