diff --git a/roles/firewall/templates/conntrackd.conf.j2 b/roles/firewall/templates/conntrackd.conf.j2
index 578f00d..0894070 100644
--- a/roles/firewall/templates/conntrackd.conf.j2
+++ b/roles/firewall/templates/conntrackd.conf.j2
@@ -2,9 +2,10 @@
 
 Sync {
 	Mode FTFW {
-	     # Add received rules immediately so we don’t need a
-	     # signal on failover.
-	     DisableExternalCache On
+		# Add received rules immediately so we don’t need a signal on failover.
+		DisableExternalCache yes
+		# Get all connections on startup.
+		StartupResync yes
 	}
 
 	UDP {