About Active/Active DPI HA
Capture functionality is not supported in Active/Active DPI mode.
With Active/Active DPI enabled on a Stateful HA pair, the Deep Packet Inspection services are processed on the standby Security Appliance of an HA pair concurrently with the processing of Security Appliance, NAT, and other modules on the active Security Appliance. The following DPI services are affected:
- Intrusion Prevention Service (IPS)
- Gateway Anti-Virus (GAV)
- Gateway Anti-Spyware
- Application Control
To use the Active/Active DPI feature, you must configure an additional interface as the Active/Active DPI Interface. For example, if you choose to make X5 the Active/Active DPI Interface, you must physically connect X5 on the active unit to X5 on the standby unit in the HA pair. Certain packet flows on the active unit are selected and offloaded to the standby unit on the Active/Active DPI Interface. DPI is performed on the standby unit and then the results are returned to the active unit over the same interface. The remaining processing is performed on the active unit.
Active/Active DPI is included on SuperMassive 9200, 9400, and 9600 platforms and is supported on the NSA 5600 and NSA 6600 only with extended licenses. For licensing information, see SonicOS7 Settings document.
Was This Article Helpful?
Help us to improve our support portal