diff --git a/data/templates/conntrackd/conntrackd.conf.tmpl b/data/templates/conntrackd/conntrackd.conf.tmpl
index 3f957b696..b87edfd75 100644
--- a/data/templates/conntrackd/conntrackd.conf.tmpl
+++ b/data/templates/conntrackd/conntrackd.conf.tmpl
@@ -1,111 +1,112 @@
 # autogenerated by conntrack_sync.py
 
 # Synchronizer settings
 Sync {
     Mode FTFW {
         DisableExternalCache {{ 'on' if disable_external_cache is defined else 'off' }}
+        StartupResync {{ 'on' if enable_startup_resync is defined else 'off' }}
     }
 {% for iface, iface_config in interface.items() %}
 {%   if loop.first %}
 {%     if iface_config.peer is defined and iface_config.peer is not none %}
     UDP {
 {%       if listen_address is defined and listen_address is not none %}
 {%           for address in listen_address %}
         IPv4_address {{ address }}
 {%           endfor %}
 {%       endif %}
         IPv4_Destination_Address {{ iface_config.peer }}
         Port {{ iface_config.port if iface_config.port is defined else '3780' }}
 {%     else %}
 {%       set ip_address = iface | get_ipv4 %}
     Multicast {
         IPv4_address {{ mcast_group }}
         Group {{ iface_config.port if iface_config.port is defined else '3780' }}
         IPv4_interface {{ ip_address[0] | ip_from_cidr }}
 {%     endif %}
         Interface {{ iface }}
 {%   endif %}
 {% endfor %}
         SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
         RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
         Checksum on
     }
 {% if expect_sync is defined and expect_sync is not none %}
     Options {
 {%   if 'all' in expect_sync %}
         ExpectationSync on
 {%   else %}
         ExpectationSync {
 {%     for protocol in expect_sync %}
             {{ protocol }}
 {%     endfor %}
         }
 {%   endif %}
     }
 {% endif %}
 }
 Helper {
     Type rpc inet tcp {
         QueueNum 3
         Policy rpc {
             ExpectMax 1
             ExpectTimeout 300
         }
     }
     Type rpc inet udp {
         QueueNum 4
         Policy rpc {
             ExpectMax 1
             ExpectTimeout 300
         }
     }
     Type tns inet tcp {
         QueueNum 5
         Policy tns {
             ExpectMax 1
             ExpectTimeout 300
         }
     }
 }
 
 # General settings
 General {
     HashSize {{ hash_size }}
     HashLimit {{ table_size | int *2 }}
     LogFile off
     Syslog {{ 'off' if disable_syslog is defined else 'on' }}
     LockFile /var/lock/conntrack.lock
     UNIX {
         Path /var/run/conntrackd.ctl
     }
     NetlinkBufferSize {{ 2 *1024 *1024 }}
     NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
     NetlinkOverrunResync off
     NetlinkEventsReliable on
 {% if ignore_address is defined or accept_protocol is defined %}
     Filter From Userspace {
 {%   if ignore_address is defined and ignore_address is not none %}
         Address Ignore {
 {%     for address in ignore_address if address | is_ipv4 %}
             IPv4_address {{ address }}
 {%     endfor %}
 {%     for address in ignore_address if address | is_ipv6 %}
             IPv6_address {{ address }}
 {%     endfor %}
         }
 {%   endif %}
 {%   if accept_protocol is defined and accept_protocol is not none %}
         Protocol Accept {
 {%     for protocol in accept_protocol %}
 {%       if protocol == 'icmp6' %}
             IPv6-ICMP
 {%       else %}
             {{ protocol | upper }}
 {%       endif %}
 {%     endfor %}
         }
 {%   endif %}
     }
 {% endif %}
 }
 
diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in
index 105c2a3a0..4bb07643b 100644
--- a/interface-definitions/service_conntrack-sync.xml.in
+++ b/interface-definitions/service_conntrack-sync.xml.in
@@ -1,178 +1,184 @@
 <?xml version="1.0"?>
 <interfaceDefinition>
   <node name="service">
     <children>
       <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/conntrack_sync.py">
         <properties>
           <help>Connection tracking synchronization</help>
           <priority>995</priority>
         </properties>
         <children>
           <leafNode name="accept-protocol">
             <properties>
               <help>Protocols for which local conntrack entries will be synced</help>
               <completionHelp>
                 <list>tcp udp icmp icmp6 sctp dccp</list>
               </completionHelp>
               <valueHelp>
                 <format>tcp</format>
                 <description>Sync Transmission Control Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>udp</format>
                 <description>Sync User Datagram Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>icmp</format>
                 <description>Sync Internet Control Message Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>icmp6</format>
                 <description>Sync IPv6 Internet Control Message Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>sctp</format>
                 <description>Sync Stream Control Transmission Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>dccp</format>
                 <description>Sync Datagram Congestion Control Protocol entries</description>
               </valueHelp>
               <constraint>
                 <regex>^(tcp|udp|icmp|icmp6|sctp|dccp)$</regex>
               </constraint>
               <constraintErrorMessage>Allowed protocols: tcp udp icmp or sctp</constraintErrorMessage>
               <multi/>
             </properties>
           </leafNode>
           <leafNode name="disable-external-cache">
             <properties>
               <help>Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall.</help>
               <valueless/>
             </properties>
           </leafNode>
           <leafNode name="disable-syslog">
             <properties>
               <help>Disable connection logging via Syslog</help>
               <valueless/>
             </properties>
           </leafNode>
           <leafNode name="event-listen-queue-size">
             <properties>
               <help>Queue size for local conntrack events</help>
               <valueHelp>
                 <format>u32</format>
                 <description>Queue size in MB</description>
               </valueHelp>
             </properties>
             <defaultValue>8</defaultValue>
           </leafNode>
           <leafNode name="expect-sync">
             <properties>
               <help>Protocol for which expect entries need to be synchronized</help>
               <completionHelp>
                 <list>all ftp sip h323 nfs sqlnet</list>
               </completionHelp>
               <constraint>
                 <regex>^(all|ftp|sip|h323|nfs|sqlnet)$</regex>
               </constraint>
               <constraintErrorMessage>Invalid protocol</constraintErrorMessage>
               <multi/>
             </properties>
           </leafNode>
+          <leafNode name="enable-startup-resync">
+            <properties>
+              <help>Order conntrackd to request a complete conntrack table resync against the other node at startup</help>
+              <valueless/>
+            </properties>
+          </leafNode>
           <node name="failover-mechanism">
             <properties>
               <help>Failover mechanism to use for conntrack-sync</help>
             </properties>
             <children>
               <node name="vrrp">
                 <properties>
                   <help>VRRP as failover-mechanism to use for conntrack-sync</help>
                 </properties>
                 <children>
                   <leafNode name="sync-group">
                     <properties>
                       <help>VRRP sync group</help>
                       <completionHelp>
                         <path>high-availability vrrp sync-group</path>
                       </completionHelp>
                     </properties>
                   </leafNode>
                 </children>
               </node>
             </children>
           </node>
           <leafNode name="ignore-address">
             <properties>
               <help>IP addresses for which local conntrack entries will not be synced</help>
               <valueHelp>
                 <format>ipv4</format>
                 <description>IPv4 address to ignore</description>
               </valueHelp>
               <valueHelp>
                 <format>ipv4net</format>
                 <description>IPv4 prefix to ignore</description>
               </valueHelp>
               <valueHelp>
                 <format>ipv6</format>
                 <description>IPv6 address to ignore</description>
               </valueHelp>
               <valueHelp>
                 <format>ipv6net</format>
                 <description>IPv6 prefix to ignore</description>
               </valueHelp>
               <constraint>
                 <validator name="ipv4"/>
                 <validator name="ipv6"/>
               </constraint>
               <multi/>
             </properties>
           </leafNode>
           <tagNode name="interface">
             <properties>
               <help>Interface to use for syncing conntrack entries</help>
               <completionHelp>
                 <script>${vyos_completion_dir}/list_interfaces.py --bridgeable</script>
               </completionHelp>
             </properties>
             <children>
               <leafNode name="peer">
                 <properties>
                   <help>IP address of the peer to send the UDP conntrack info too. This disable multicast.</help>
                   <valueHelp>
                     <format>ipv4</format>
                     <description>IP address to listen for incoming connections</description>
                   </valueHelp>
                   <constraint>
                     <validator name="ipv4-address"/>
                   </constraint>
                 </properties>
               </leafNode>
               #include <include/port-number.xml.i>
             </children>
           </tagNode>
           #include <include/listen-address-ipv4.xml.i>
           <leafNode name="mcast-group">
             <properties>
               <help>Multicast group to use for syncing conntrack entries</help>
               <constraint>
                 <validator name="ipv4-multicast"/>
               </constraint>
             </properties>
             <defaultValue>225.0.0.50</defaultValue>
           </leafNode>
           <leafNode name="sync-queue-size">
             <properties>
               <help>Queue size for syncing conntrack entries</help>
               <valueHelp>
                 <format>u32</format>
                 <description>Queue size in MB</description>
               </valueHelp>
             </properties>
             <defaultValue>1</defaultValue>
           </leafNode>
         </children>
       </node>
     </children>
   </node>
 </interfaceDefinition>