Netgate is offering COVID-19 aid for pfSense software users, learn more.

pfSense XML-RPC Config Sync Overview

To make the job of maintaining practically identical pfSense® firewall nodes easier, configuration synchronization is possible using XML-RPC. When XML-RPC Synchronization is enabled, settings from supported areas are copied to the secondary and activated after each configuration change. XMLRPC Synchronization is optional, but maintaining a cluster is a lot more work without it.

Some areas cannot be synchronized, such as the Interface configuration, but many other areas can: Firewall rules, aliases, users, certificates, VPNs, DHCP, routes, gateways, and more. As a general rule, items specific to hardware or a particular installation, such as Interfaces or values under System > General or System > Advanced do not synchronize. The list of supported areas can vary depending on the version of pfSense in use. For a list of areas that will synchronize, see the checkbox items on System > High Avail Sync in the XMLRPC section. Most packages will not synchronize but some contain their own synchronization settings. Consult package documentation for more details.

Configuration synchronization should use the Sync interface, or if there is no dedicated Sync interface, use the same interface configured for pfsync.

In a two-node cluster the XML-RPC settings must only be enabled on the primary node, the secondary node must have these settings disabled.

For XML-RPC to function, both nodes must have the GUI running on the same port and protocol, for example: HTTPS on port 443, which is the default setting. The admin account cannot be disabled and both nodes must have the same admin account password.