diff --git a/data/templates/conntrackd/conntrackd.conf.j2 b/data/templates/conntrackd/conntrackd.conf.j2
index 669b20877..30e619daf 100644
--- a/data/templates/conntrackd/conntrackd.conf.j2
+++ b/data/templates/conntrackd/conntrackd.conf.j2
@@ -1,113 +1,114 @@
 ### autogenerated by service_conntrack-sync.py ###
 
 # Synchronizer settings
 Sync {
     Mode FTFW {
         DisableExternalCache {{ 'on' if disable_external_cache is vyos_defined else 'off' }}
+        StartupResync {{ 'on' if startup_resync is vyos_defined else 'off' }}
     }
 {% for iface, iface_config in interface.items() %}
 {%     if iface_config.peer is vyos_defined %}
     UDP {
 {%         if listen_address is vyos_defined %}
 {%             for address in listen_address %}
         IPv4_address {{ address }}
 {%             endfor %}
 {%         endif %}
         IPv4_Destination_Address {{ iface_config.peer }}
         Port {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
         Interface {{ iface }}
         SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
         RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
         Checksum on
     }
 {%     else %}
     Multicast {
 {%         set ip_address = iface | get_ipv4 %}
         IPv4_address {{ mcast_group }}
         Group {{ iface_config.port if iface_config.port is vyos_defined else '3780' }}
         IPv4_interface {{ ip_address[0] | ip_from_cidr }}
         Interface {{ iface }}
         SndSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
         RcvSocketBuffer {{ sync_queue_size | int *1024 *1024 }}
         Checksum on
     }
 {%     endif %}
 {% endfor %}
 {% if expect_sync is vyos_defined %}
     Options {
 {%     if 'all' in expect_sync %}
         ExpectationSync on
 {%     else %}
         ExpectationSync {
 {%         for protocol in expect_sync %}
             {{ protocol }}
 {%         endfor %}
         }
 {%     endif %}
     }
 {% endif %}
 }
 Helper {
     Type rpc inet tcp {
         QueueNum 3
         Policy rpc {
             ExpectMax 1
             ExpectTimeout 300
         }
     }
     Type rpc inet udp {
         QueueNum 4
         Policy rpc {
             ExpectMax 1
             ExpectTimeout 300
         }
     }
     Type tns inet tcp {
         QueueNum 5
         Policy tns {
             ExpectMax 1
             ExpectTimeout 300
         }
     }
 }
 
 # General settings
 General {
     HashSize {{ hash_size }}
     HashLimit {{ table_size | int *2 }}
     LogFile off
     Syslog {{ 'off' if disable_syslog is vyos_defined else 'on' }}
     LockFile /var/lock/conntrack.lock
     UNIX {
         Path /var/run/conntrackd.ctl
     }
     NetlinkBufferSize {{ 2 *1024 *1024 }}
     NetlinkBufferSizeMaxGrowth {{ event_listen_queue_size | int *1024 *1024 }}
     NetlinkOverrunResync off
     NetlinkEventsReliable on
 {% if ignore_address is vyos_defined or accept_protocol is vyos_defined %}
     Filter From Userspace {
 {%     if ignore_address is vyos_defined %}
         Address Ignore {
 {%         for address in ignore_address if address | is_ipv4 %}
             IPv4_address {{ address }}
 {%         endfor %}
 {%         for address in ignore_address if address | is_ipv6 %}
             IPv6_address {{ address }}
 {%         endfor %}
         }
 {%     endif %}
 {%     if accept_protocol is vyos_defined %}
         Protocol Accept {
 {%         for protocol in accept_protocol %}
 {%             if protocol == 'icmp6' %}
             IPv6-ICMP
 {%             else %}
             {{ protocol | upper }}
 {%             endif %}
 {%         endfor %}
         }
 {%     endif %}
     }
 {% endif %}
 }
diff --git a/interface-definitions/service_conntrack-sync.xml.in b/interface-definitions/service_conntrack-sync.xml.in
index 397864867..631c830b4 100644
--- a/interface-definitions/service_conntrack-sync.xml.in
+++ b/interface-definitions/service_conntrack-sync.xml.in
@@ -1,179 +1,185 @@
 <?xml version="1.0"?>
 <interfaceDefinition>
   <node name="service">
     <children>
       <node name="conntrack-sync" owner="${vyos_conf_scripts_dir}/service_conntrack-sync.py">
         <properties>
           <help>Connection tracking synchronization</help>
           <!-- before VRRP / HA -->
           <priority>799</priority>
         </properties>
         <children>
           <leafNode name="accept-protocol">
             <properties>
               <help>Protocols for which local conntrack entries will be synced</help>
               <completionHelp>
                 <list>tcp udp icmp icmp6 sctp dccp</list>
               </completionHelp>
               <valueHelp>
                 <format>tcp</format>
                 <description>Sync Transmission Control Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>udp</format>
                 <description>Sync User Datagram Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>icmp</format>
                 <description>Sync Internet Control Message Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>icmp6</format>
                 <description>Sync IPv6 Internet Control Message Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>sctp</format>
                 <description>Sync Stream Control Transmission Protocol entries</description>
               </valueHelp>
               <valueHelp>
                 <format>dccp</format>
                 <description>Sync Datagram Congestion Control Protocol entries</description>
               </valueHelp>
               <constraint>
                 <regex>(tcp|udp|icmp|icmp6|sctp|dccp)</regex>
               </constraint>
               <constraintErrorMessage>Allowed protocols: tcp udp icmp or sctp</constraintErrorMessage>
               <multi/>
             </properties>
           </leafNode>
           <leafNode name="disable-external-cache">
             <properties>
               <help>Directly injects the flow-states into the in-kernel Connection Tracking System of the backup firewall.</help>
               <valueless/>
             </properties>
           </leafNode>
           <leafNode name="disable-syslog">
             <properties>
               <help>Disable connection logging via Syslog</help>
               <valueless/>
             </properties>
           </leafNode>
           <leafNode name="event-listen-queue-size">
             <properties>
               <help>Queue size for local conntrack events</help>
               <valueHelp>
                 <format>u32</format>
                 <description>Queue size in MB</description>
               </valueHelp>
             </properties>
             <defaultValue>8</defaultValue>
           </leafNode>
           <leafNode name="expect-sync">
             <properties>
               <help>Protocol for which expect entries need to be synchronized</help>
               <completionHelp>
                 <list>all ftp sip h323 nfs sqlnet</list>
               </completionHelp>
               <constraint>
                 <regex>(all|ftp|sip|h323|nfs|sqlnet)</regex>
               </constraint>
               <constraintErrorMessage>Invalid protocol</constraintErrorMessage>
               <multi/>
             </properties>
           </leafNode>
+          <leafNode name="startup-resync">
+            <properties>
+              <help>Order conntrackd to request a complete conntrack table resync against the other node at startup</help>
+              <valueless/>
+            </properties>
+          </leafNode>
           <node name="failover-mechanism">
             <properties>
               <help>Failover mechanism to use for conntrack-sync</help>
             </properties>
             <children>
               <node name="vrrp">
                 <properties>
                   <help>VRRP as failover-mechanism to use for conntrack-sync</help>
                 </properties>
                 <children>
                   <leafNode name="sync-group">
                     <properties>
                       <help>VRRP sync group</help>
                       <completionHelp>
                         <path>high-availability vrrp sync-group</path>
                       </completionHelp>
                     </properties>
                   </leafNode>
                 </children>
               </node>
             </children>
           </node>
           <leafNode name="ignore-address">
             <properties>
               <help>IP addresses for which local conntrack entries will not be synced</help>
               <valueHelp>
                 <format>ipv4</format>
                 <description>IPv4 address to ignore</description>
               </valueHelp>
               <valueHelp>
                 <format>ipv4net</format>
                 <description>IPv4 prefix to ignore</description>
               </valueHelp>
               <valueHelp>
                 <format>ipv6</format>
                 <description>IPv6 address to ignore</description>
               </valueHelp>
               <valueHelp>
                 <format>ipv6net</format>
                 <description>IPv6 prefix to ignore</description>
               </valueHelp>
               <constraint>
                 <validator name="ipv4"/>
                 <validator name="ipv6"/>
               </constraint>
               <multi/>
             </properties>
           </leafNode>
           <tagNode name="interface">
             <properties>
               <help>Interface to use for syncing conntrack entries</help>
               <completionHelp>
                 <script>${vyos_completion_dir}/list_interfaces --bridgeable</script>
               </completionHelp>
             </properties>
             <children>
               <leafNode name="peer">
                 <properties>
                   <help>IP address of the peer to send the UDP conntrack info too. This disable multicast.</help>
                   <valueHelp>
                     <format>ipv4</format>
                     <description>IP address to listen for incoming connections</description>
                   </valueHelp>
                   <constraint>
                     <validator name="ipv4-address"/>
                   </constraint>
                 </properties>
               </leafNode>
               #include <include/port-number.xml.i>
             </children>
           </tagNode>
           #include <include/listen-address-ipv4.xml.i>
           <leafNode name="mcast-group">
             <properties>
               <help>Multicast group to use for syncing conntrack entries</help>
               <constraint>
                 <validator name="ipv4-multicast"/>
               </constraint>
             </properties>
             <defaultValue>225.0.0.50</defaultValue>
           </leafNode>
           <leafNode name="sync-queue-size">
             <properties>
               <help>Queue size for syncing conntrack entries</help>
               <valueHelp>
                 <format>u32</format>
                 <description>Queue size in MB</description>
               </valueHelp>
             </properties>
             <defaultValue>1</defaultValue>
           </leafNode>
         </children>
       </node>
     </children>
   </node>
 </interfaceDefinition>