HP VPN Firewall Appliances High Availability Configuration Guide

Figure 28 Network diagram for stateful failover

Service backup

The two devices exchange state negotiation messages through the failover link periodically. After the two

devices enter the synchronization state, they back up the services of each other to make sure that the

services on them are consistent. If one device fails, the other device can take over the services by using

VRRP or a dynamic routing protocol (such as OSPF).

Configuration synchronization

To implement service backup, the key service configurations on the two devices must be consistent. With

the configuration synchronization function, you can synchronize such configurations from the active

device to the standby device through the failover link, instead of making repeated configurations on both

devices.

With auto synchronization, the active device synchronizes all its configurations to the standby device at

a time. After that, when its configuration is changed, the active device automatically synchronizes the

new configuration to the standby device.

NOTE:

The device does not support synchronization of IPv6 ACL.

Stateful failover states

Stateful failover includes the following states:

• Silence—The device has just started, or is transiting from synchronization state to independence

state.

• Independence—The silence timer has expired, but no failover link is established.

• Synchronization—The device has completed state negotiation with the other device and is ready for

service backup.

Internet

Internal

network

Device A

Host A Host B

Device B

Failover link

GE1/2 GE1/2

GE1/1 GE1/1

GE1/3 GE1/3