Hello,
I use scripts to keep configs in sync among two routers which share VRRP IP's for IPSec tunnels. I make changes only on primary router and use something like:
/ip firewall address-list export file="EXPORT.$[/system identity get name].FW_Lists"
to export some settings to a file.
Then, on secondary router(s), you can use something like:
/tool fetch mode=tftp address=MAIN_ROUTER_IP src-path=EXPORT.FW_Lists.rsc
/ip firewall address-list export file="PreIMPORT.$[/system identity get name].FW_Lists_BK.rsc"
/ip firewall address-list remove [find]
/import file=EXPORT.FW_Lists.rsc
/file remove EXPORT.FW_Lists.rsc
This makes keeping configs in sync a lot less troublesome