• High Availability
  • About High Availability
    • High Availability Terminology
    • High Availability Modes
    • High Availability Encryption
    • Crash Detection
    • Virtual MAC Address
    • Dynamic WAN Interfaces with PPPoE HA
    • Stateful Synchronization with DHCP
    • Stateful Synchronization with DNS Proxy
    • About HA Monitoring
  • About Active/Standby HA
    • Benefits of Active/Standby HA
    • Working of Active/Standby HA
  • About Stateful Synchronization
    • Benefits of Stateful Synchronization
    • How Does Stateful Synchronization Work?
    • Example of Stateful Synchronization
  • Active/Standby and Active/Active DPI Prerequisites
    • Supported Platforms and Licensing for HA
    • Physically Connecting Your Security Appliances
    • Connecting the Active/Active DPI Interfaces for Active/Active DPI
  • Maintenance
    • Removing an HA Association
    • Replacing a SonicWall Security Appliance
      • Replacing an HA Primary Unit
      • Replacing an HA Secondary Unit
• High Availability Status
  • Active/Standby High Availability Status
    • High Availability Status
    • High Availability Config
    • High Availability Licenses
• Configuring High Availability
  • Configuring Active/Standby High Availability Settings
  • Configuring HA with Dynamic WAN Interfaces
  • Configuring Network DHCP and Interface Settings
    • Disabling the SonicOS DHCP Server
    • Configuring Virtual IP Addresses
    • Configuring Redundant Ports
• Fine Tuning High Availability
  • Advanced Settings
  • Configuring Advanced High Availability Settings
• Monitoring High Availability
  • Configuring Active/Standby High Availability Monitoring
  • IPv6 High Availability Monitoring
  • IPv6 HA Monitoring Considerations
• SonicWall Support
  • About This Document

How Does Stateful Synchronization Work?

Stateful Synchronization is not load-balancing. It is an active-standby configuration where the Primary Security Appliance handles all traffic. When Stateful Synchronization is enabled, the Primary Security Appliance actively communicates with the Secondary to update most network connection information. As the Primary Security Appliance creates and updates network connection information (such as VPN tunnels, active users, connection cache entries), it immediately informs the Secondary Security Appliance. This ensures that the Secondary Security Appliance is always ready to transition to the Active state without dropping any connections.

The synchronization traffic is throttled to ensure that it does not interfere with regular network traffic. All configuration changes are performed on the Primary Security Appliance and automatically propagated to the Secondary Security Appliance. The High Availability pair uses the same LAN and WAN IP addresses—regardless of which Security Appliance is currently Active.

When using SonicWall Global Management System (GMS) to manage the Security Appliances, GMS logs into the shared WAN IP address. In case of a failover, GMS administration continues seamlessly, and GMS administrators currently logged into the Security Appliance are not logged out; however, Get and Post commands may result in a time out with no reply returned.

Synchronized and non-synchronized information table lists the information that is synchronized and information that is not currently synchronized by Stateful Synchronization.