F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100

2. The two devices exchange state negotiation messages periodically through the failover link. After

the two devices enter the synchronized state, they back up the sessions of each other to make sure

that the sessions on them are consistent.

3. If one device fails, the other device can take over the services by using VRRP or a dynamic routing

protocol (such as OSPF) to avoid service interruption.

The stateful failover feature supports backing up NAT, ALG, blacklist, ASPF, and IPsec services.

Figure 28 Network diagram for stateful failover

103BService backup

The two devices exchange state negotiation messages through the failover link periodically. After the two

devices enter the synchronization state, they back up the services of each other to make sure that the

services on them are consistent. If one device fails, the other device can take over the services by using

VRRP or a dynamic routing protocol (such as OSPF).

104BConfiguration synchronization

To implement service backup, the key service configurations on the two devices must be consistent. With

the configuration synchronization function, you can synchronize such configurations from the active

device to the standby device through the failover link, instead of making repeated configurations on both

devices.

With auto synchronization, the active device synchronizes all its configurations to the standby device at

a time. After that, when its configuration is changed, the active device automatically synchronizes the

new configuration to the standby device.

NOTE:

The device does not support synchronization of IPv6 ACL.

105BStateful failover states

Stateful failover includes the following states:

Internet

Internal

network

Device A

Host A Host B

Device B

Failover link

GE1/2 GE1/2

GE1/1 GE1/1

GE1/3 GE1/3