Did my conversion this way: - added carp ips to firewall - did config backup - switched carp and main ips with editor - restored config to firewall - edited fw & nat rules - did backup - edited ips and restored to sec. firewall - and enabled config sync
works well.it was about two hour job ;) Eero 4.12.2017 19.16 "Chris L" <c...@viptalk.net> kirjoitti: > > > > On Dec 4, 2017, at 9:07 AM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > > > > well. my plan was to add first carp vip addresses to old configuration > with > > gui and then > > switching them to main addresses using search and replace. > > > > and then just restore config to main firewall and use config sync to > > replicate it to secondary.. > > > > > > I guess do whatever feels right then. > > > -- > > Eero > > > > 2017-12-04 18:41 GMT+02:00 Chris L <c...@viptalk.net>: > > > >> On Dec 4, 2017, at 8:11 AM, Eero Volotinen <eero.voloti...@iki.fi> > wrote: > >>> > >>> Well. is that really so hard? > >>> > >>> thinking to add carp ip addresses and switching them to main addresses > by > >>> editing xml backup and then restoring it to firewall.. > >>> > >>> I have same hardware (3* sg-8860). one for backup.. > >> > >> It depends on how complicated your setup is. > >> > >> If there were lots of interfaces and physical interface name changes, I > >> might edit the configuration to change the interface names and the > >> interface addresses (many people use .2 for the primary, .3 for the > >> secondary, and .1 for the CARP VIP, for instance) but after that I would > >> use the GUI to make the HASYNC interface, VIPs and configure HA. > >> > >> I would not try to configure the secondary that way. I would configure > it > >> from scratch and let the configuration for everything exceopt the > >> interfaces, etc sync over. > >> > >>> > >>> Eero > >>> > >>> 4.12.2017 17.49 "Steve Yates" <st...@teamits.com> kirjoitti: > >>> > >>>> I don't think it would qualify as "simple" since it involves setting > up > >> an > >>>> additional interface on each as well as the CARP virtual IPs. > >>>> > >>>> If you're asking about linking your old router to a new router, the > >>>> routers have to use the same hardware interface (NIC) names in order > to > >>>> sync firewall states (em0 to igb0 won't sync). > >>>> > >>>> -- > >>>> > >>>> Steve Yates > >>>> ITS, Inc. > >>>> > >>>> -----Original Message----- > >>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > >>>> Volotinen > >>>> Sent: Saturday, December 2, 2017 11:04 AM > >>>> To: pfSense Support and Discussion Mailing List < > list@lists.pfsense.org > >>> > >>>> Subject: [pfSense] single pfsense to ha conversion > >>>> > >>>> Hi List, > >>>> > >>>> I just bought two pieces of sg-8860 netgate devices and planning to > >> convert > >>>> old unit to ha solution. > >>>> > >>>> Is there simple way to convert units to ha with a bit editing xml > >> backup? > >>>> > >>>> -- > >>>> Eero > >>>> _______________________________________________ > >>>> pfSense mailing list > >>>> https://lists.pfsense.org/mailman/listinfo/list > >>>> Support the project with Gold! https://pfsense.org/gold > >>>> _______________________________________________ > >>>> pfSense mailing list > >>>> https://lists.pfsense.org/mailman/listinfo/list > >>>> Support the project with Gold! https://pfsense.org/gold > >>>> > >>> _______________________________________________ > >>> pfSense mailing list > >>> https://lists.pfsense.org/mailman/listinfo/list > >>> Support the project with Gold! https://pfsense.org/gold > >> > >> _______________________________________________ > >> pfSense mailing list > >> https://lists.pfsense.org/mailman/listinfo/list > >> Support the project with Gold! https://pfsense.org/gold > >> > > _______________________________________________ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
