SonicOS 7.1 High Availability Administration Guide
- SonicOS 7.1
- About SonicOS
- High Availability
- Replacing an HA Primary Unit
- High Availability Config
- Configuration of HA Active/Standby
- Configuring Active/Standby High Availability Settings
- Configuring HA with Dynamic WAN Interfaces
- Configuring Network DHCP and Interface Settings
- Disabling the SonicOS DHCP Server
- Configuring Virtual IP Addresses
- Configuring Redundant Ports
- Fine Tuning High Availability
- Advanced Settings
- Configuring Advanced High Availability Settings
- Monitoring High Availability
- Configuring Active/Standby High Availability Monitoring
- Configuring Active/Standby High Availability Settings
- IPv6 High Availability Monitoring
- About This Document
- Azure Use Cases
- SonicWall Support
How Does Stateful Synchronization Work?
Stateful Synchronization is not load-balancing. It is an active-standby configuration where the Primary Security Appliance handles all traffic. When Stateful Synchronization is enabled, the Primary Security Appliance actively communicates with the Secondary to update most network connection information. As the Primary Security Appliance creates and updates network connection information (such as VPN tunnels, active users, connection cache entries), it immediately informs the Secondary Security Appliance. This ensures that the Secondary Security Appliance is always ready to transition to the Active state without dropping any connections.
The synchronization traffic is throttled to ensure that it does not interfere with regular network traffic. All configuration changes are performed on the Active Security Appliance and automatically propagated to the Standby Security Appliance. The High Availability pair uses the same LAN and WAN IP addresses—regardless of which Security Appliance is currently Active.
When using SonicWall Network Security Manager (NSM) to manage the Security Appliances, NSM logs into the shared WAN IP address. In case of a failover, NSM administration continues seamlessly, and NSM administrators currently logged into the Security Appliance are not logged out; however, Get and Post commands may result in a time out with no reply returned.
Synchronized and non-synchronized information table lists the information that is synchronized and information that is not currently synchronized by Stateful Synchronization.
Information that is Synchronized | Information that is not Synchronized |
---|---|
VPN information | Dynamic WAN clients (L2TP, PPPoE, and PPTP) |
Basic connection cache | Deep Packet Inspection (GAV, IPS, and Anti Spyware) |
FTP | IPHelper bindings (such as NetBIOS and DHCP) |
Oracle SQL*NET | SYNFlood protection information |
Real Audio | Content Filtering Service information |
RTSP | VoIP protocols |
GVC information | Dynamic ARP entries and ARP cache time outs |
Dynamic Address Objects | Active wireless client information |
DHCP server information | Wireless client packet statistics |
Multicast and IGMP | Rogue AP list |
Active users | |
ARP | |
SonicPoint and SonicWave status | |
Wireless guest status | |
Weighted Load Balancing information | |
Dynamic Routing Configuration The configuration is synchronized, but the routing table has to be rebuilt in a failover. |
Was This Article Helpful?
Help us to improve our support portal