Objects replicated in a cluster
The following lists show which objects are replicated from the active firewall to the passive firewall.
- TCP and UDP connection tables,
- IPState connection tables (GRE / ESP),
- SCTP associations,
- Host tables,
- Tables of users authenticated on the firewall,
- Changes to the Internal LDAP directory,
- Status tables, for the FTP and SIP protocols only,
- Statuses of monitored routers,
- Serial numbers of certificates,
- Security associations (IKE-SA and IPsec-SA) of IKEv2-based IPsec VPN connections,
- Anti-replay counters of IKEv2 IPsec VPN connections.
Objects synchronized periodically
- Active Update databases,
- Changes to the firewall configuration (upon request),
- DHCP leases (5 minutes),
- SN Vulnerability Manager event databases (60 minutes),
- New certificates and downloaded CRLs (60 minutes).
Objects that are not replicated
- Direct connections with the firewall, such as administration sessions via SSH, serverd, the web administration interface, etc.
- Connections handled by proxies.