SonicOS 7.0 High Availability Administration Guide
Table of Contents
How Does Stateful Synchronization Work?
Stateful Synchronization is not load-balancing. It is an active-standby configuration where the Primary Security Appliance handles all traffic. When Stateful Synchronization is enabled, the Primary Security Appliance actively communicates with the Secondary to update most network connection information. As the Primary Security Appliance creates and updates network connection information (such as VPN tunnels, active users, connection cache entries), it immediately informs the Secondary Security Appliance. This ensures that the Secondary Security Appliance is always ready to transition to the Active state without dropping any connections.
The synchronization traffic is throttled to ensure that it does not interfere with regular network traffic. All configuration changes are performed on the Active Security Appliance and automatically propagated to the Standby Security Appliance. The High Availability pair uses the same LAN and WAN IP addresses—regardless of which Security Appliance is currently Active.
When using SonicWall Network Security Manager (NSM) to manage the Security Appliances, NSM logs into the shared WAN IP address. In case of a failover, NSM administration continues seamlessly, and NSM administrators currently logged into the Security Appliance are not logged out; however, Get and Post commands may result in a time out with no reply returned.
Synchronized and non-synchronized information table lists the information that is synchronized and information that is not currently synchronized by Stateful Synchronization.
| Information that is Synchronized | Information that is not Synchronized |
|---|---|
| VPN information | Dynamic WAN clients (L2TP, PPPoE, and PPTP) |
| Basic connection cache | Deep Packet Inspection (GAV, IPS, and Anti Spyware) |
| FTP | IPHelper bindings (such as NetBIOS and DHCP) |
| Oracle SQL*NET | SYNFlood protection information |
| Real Audio | Content Filtering Service information |
| RTSP | VoIP protocols |
| GVC information | Dynamic ARP entries and ARP cache time outs |
| Dynamic Address Objects | Active wireless client information |
| DHCP server information | Wireless client packet statistics |
| Multicast and IGMP | Rogue AP list |
| Active users | |
| ARP | |
| SonicPoint and SonicWave status | |
| Wireless guest status | |
| Weighted Load Balancing information | |
|
Dynamic Routing Configuration The configuration is synchronized, but the routing table has to be rebuilt in a failover. |
