sendarp appears in 9.0.0
interfacesflipflop appears in 9.0.1
tokentimeout appears in 9.0.4
MulticastAddr appears in 2.0.0
LACPWhenPassive appears in 2.6.0
ConnOlderThan appears in 3.2.0
SynchronizationDelay appears in 3.5.0


Initialize an HA cluster


password=<ha password> ifname=<interface user name> [ifname2=<interface user name>]
[priority=<0-9999>] [forward=<All|None|Connections|Tcp|Udp|SIP>]
[waitingpeertimeout=<0-9999>] [SynchronizationDelay=<0-9999>] [purgearp=<0|1>] [sendarp=<0|1>]
[sendarpperiod=<1-9999>] [secure=<0|1>] [nbping=<0-300>]
[interfacesflipflop=<0-20000>] [tokentimeout=<1-99999>] [MulticastAddr=<multicast IPv4>] [LACPWhenPassive=<0|1>] [ConnOlderThan=<integer>]


Error code


Interfaces are expected to be Ethernet or VLAN interfaces.

Argument "forward" specifies what list of connected elements must be kept synchronized between firewalls.
Value "connections" for the argument "forward" means TCP/UDP connections.
Default value for "forward" is All.

Argument "peer_waiting_timeout" indicates how long each firewall must wait at boot before considering its peer offline. The value is given in seconds.
Default value for "peer_waiting_timeout" is 10s.

Argument "purge_arp" indicates if the ARP table must be purged when the firewall becomes active (default is 0).

send_arp and send_arp_period define whether an ARP packet must be sent periodically by the active firewall as a reminder for other machines (default: 0, default period: 5s).

If secure is set to 1, connection sync packets will be encrypted. However, you may experience reduced performance (default is 0).

nbping indicates how many ICMP requests must be sent once Corosync considers the peer to be dead. This is used to confirm that the Corosync notification wasn't a false positive due to an overload on the peer. ICMP requests are sent at an interval of 50ms. Set this value to 0 to disable the confirmation mechanism.

interfacesflipflop indicates how long, in milliseconds, non-HA interfaces must go down when the firewall becomes passive. This is intended to reduce issues with the ARP tables of switches during user-requested HA swaps when using a bridged network configuration. Bringing non-HA interfaces down should force the switches to flush their ARP tables. This approach does not work with all switches (default is 1000, 0 to disable).

tokentimeout indicates how long Corosync must wait when it doesn't get any message from the peer(s). Once this delay has elapsed, Corosync will notify Stated. Stated will then try to ping the peer. If Stated doesn't get any reply either, the local firewall will become active.

MulticastAddr indicates the multicast address used for Corosync communication between firewalls.

LACPWhenPassive indicates whether the passive firewall should take part in the LACP negotiation, or renegotiate LACP when a swap happens.

ConnOlderThan indicates that connections that have existed for less than this value (in seconds) won't be synchronized.


CONFIG HA CREATE password=password ifname=vlan0
CONFIG HA CREATE password=karamba ifname=ethernet3 forward=Connections,SIP
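
The following Python check is an added example, not part of the original reference. It parses a CONFIG HA CREATE line, validates each argument against the ranges in the syntax above, and flags a cluster created without secure=1, where connection sync packets are not encrypted. The function name, the finding messages and the case-insensitive handling of argument names are assumptions of this sketch.

```python
import ipaddress
import shlex

# Ranges and choices copied from the syntax block above; keys are lower-cased
# because this checker assumes argument names are case-insensitive.
RANGES = {
    "priority": (0, 9999), "waitingpeertimeout": (0, 9999),
    "synchronizationdelay": (0, 9999), "purgearp": (0, 1), "sendarp": (0, 1),
    "sendarpperiod": (1, 9999), "secure": (0, 1), "nbping": (0, 300),
    "interfacesflipflop": (0, 20000), "tokentimeout": (1, 99999),
    "lacpwhenpassive": (0, 1),
}
FORWARD = {"all", "none", "connections", "tcp", "udp", "sip"}
OTHER = {"password", "ifname", "ifname2", "forward", "multicastaddr", "connolderthan"}


def check_ha_create(line):
    """Return a list of findings for one CONFIG HA CREATE command line."""
    tokens = shlex.split(line)
    if [t.upper() for t in tokens[:3]] != ["CONFIG", "HA", "CREATE"]:
        return ["not a CONFIG HA CREATE command"]
    args, findings = {}, []
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")
        if not sep or key.lower() not in RANGES.keys() | OTHER:
            findings.append(f"unknown or malformed argument: {tok}")
        else:
            args[key.lower()] = value
    for required in ("password", "ifname"):
        if required not in args:
            findings.append(f"missing required argument: {required}")
    for key, value in args.items():
        if key in RANGES:
            lo, hi = RANGES[key]
            if not value.isdecimal() or not lo <= int(value) <= hi:
                findings.append(f"{key}={value} outside {lo}-{hi}")
    for item in args.get("forward", "All").split(","):
        if item.lower() not in FORWARD:
            findings.append(f"forward: unknown element {item}")
    if "multicastaddr" in args:
        try:
            if not ipaddress.IPv4Address(args["multicastaddr"]).is_multicast:
                findings.append("multicastaddr is not a multicast IPv4 address")
        except ValueError:
            findings.append("multicastaddr is not a valid IPv4 address")
    if args.get("secure", "0") != "1":
        findings.append("secure is not 1: connection sync packets are not encrypted")
    return findings
```

An empty list means the line matches the documented syntax and enables sync encryption. Any other result lists what to correct before the command is applied.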