From a4fe5cac4ce924e25025b79f7cd5570afef8bebd Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 30 Nov 2010 17:31:49 -0500 Subject: Reformat pfsync/xmlrpc sync settings. Hopefully make it more clear to understand and use. --- usr/local/pkg/carp_settings.xml | 120 ++++++++++++++++++++-------------------- 1 file changed, 61 insertions(+), 59 deletions(-) (limited to 'usr/local') diff --git a/usr/local/pkg/carp_settings.xml b/usr/local/pkg/carp_settings.xml index de0d226..19db7e7 100644 --- a/usr/local/pkg/carp_settings.xml +++ b/usr/local/pkg/carp_settings.xml @@ -3,58 +3,54 @@ carpsettings 0.1.0 Services: CARP Settings - ['installedpackages']['carpsettings']['config'] pkg_edit.php?xml=carp_settings.xml&id=0 - - CARP (failover) - CARP is a tool to help achieve system redundancy, by having multiple computers creating a single, virtual network interface between them, so that if any machine fails, another can respond instead. CARP is an improvement over the Virtual Router Redundancy Protocol (VRRP) standard. It was developed after VRRP was deemed to be not free enough because of a possibly-overlapping Cisco patent. -
Firewall
- carp_settings.xml + CARP (failover) + CARP is a tool to help achieve system redundancy, by having multiple computers creating a single, virtual network interface between them, so that if any machine fails, another can respond instead. CARP is an improvement over the Virtual Router Redundancy Protocol (VRRP) standard. It was developed after VRRP was deemed to be not free enough because of a possibly-overlapping Cisco patent. +
Firewall
+ carp_settings.xml
- - - Virtual IPs - firewall_virtual_ip.php - - - CARP Settings - pkg_edit.php?xml=carp_settings.xml&id=0 - - + + Virtual IPs + firewall_virtual_ip.php + + + CARP Settings + pkg_edit.php?xml=carp_settings.xml&id=0 + + - - PFSync Enabled - pfsyncenabled - - - PFSync IP - pfsyncip - - - PFSync Interface - pfsyncinterface - + + PFSync Enabled + pfsyncenabled + + + PFSync IP + pfsyncip + + + PFSync Interface + pfsyncinterface + - - Synchronize Enabled + State Synchronization Settings (pfsync) + listtopic + + + Synchronize States pfsyncenabled - - PFSync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table. + + pfsync transfers state insertion, update, and deletion messages between firewalls. Each firewall sends these messages out via multicast on a specified interface, using the PFSYNC protocol (IP Protocol 240). It also listens on that interface for similar messages from other firewalls, and imports them into the local state table. + <p> + This setting should be enabled on all members of a failover group. <p> - NOTE: Clicking save will force a configuration sync! - + NOTE: Clicking save will force a configuration sync if it is enabled! (see Configuration Synchronization Settings below) + checkbox @@ -62,14 +58,14 @@ pfsyncinterface interfaces_selection - If Synchronize State is enabled, it will utilize this interface for communication. - <br><b>NOTE:</b> We recommend setting this to a interface other than LAN! A dedicated interface works the best. - <br><b>NOTE:</b> You must define a IP on each machine participating in this failover group. - <br><b>NOTE:</b> You must have an IP assigned to the interface on any participating sync nodes. + If Synchronize States is enabled, it will utilize this interface for communication. + <br><b>NOTE:</b> We recommend setting this to a interface other than LAN! A dedicated interface works the best. + <br><b>NOTE:</b> You must define a IP on each machine participating in this failover group. + <br><b>NOTE:</b> You must have an IP assigned to the interface on any participating sync nodes. - pfSync sync peer IP + pfsync Synchronize Peer IP pfsyncpeerip input @@ -77,6 +73,26 @@ + Configuration Synchronization Settings (XMLRPC Sync) + listtopic + + + Synchronize Config to IP + synchronizetoip + Enter the IP address of the firewall to which the selected configuration sections should be synchronized. + <br><br>NOTE: XMLRPC sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system's port and protocol are set accordingly! + <br><br>NOTE: <b>Do not use the Synchronize Config to IP and password option on backup cluster members!</b> + + input + + + Remote System Password + password + Enter the webConfigurator password of the system entered above for synchronizing your configuration. + <br><br>NOTE: <b>Do not use the Synchronize Config to IP and password option on backup cluster members!</b> + password + + Synchronize Users and Groups synchronizeusers When this option is enabled, this system will automatically sync the users and groups over to the other CARP host when changes are made. @@ -166,20 +182,6 @@ When this option is enabled, this system will automatically sync the Captive Portal configuration to the other CARP host when changes are made. checkbox - - Synchronize to IP - synchronizetoip - Enter the IP address of the firewall you are synchronizing with. - input - Note: CARP sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system's port and protocol are set accordingly! Also note that you will not use the Synchronize to IP and password option on backup cluster members! - - - Remote System Password - password - Enter the webConfigurator password of the system that you would like to synchronize with. - password - NOTE: You will not use the Synchronize to IP and password option on backup cluster members! - if($_POST["synchronizetoip"]) { -- cgit v1.1