System components involved in high availability

Synchronizes:

• TCP and UDP connection tables,
• Host tables,
• Tables of users authenticated on the firewall,
• Status tables exclusively for FTP and SIP protocols,
• Changes to the status of router objects,
• IPState connection tables (GRE / ESP),
• SCTP associations.

• Manages HA setup,
• Provides the initial connection between both firewalls to finalize the creation of the cluster,
• Manages changes to the weights of interfaces.

Internal messaging system.

Both firewalls continuously exchange messages to replicate the tunnels defined in an IKEv2 only IPsec policy or a combination of IKEv1 / IKEv2.

When an active IPsec policy contains only IKEv1 tunnels, they will not be replicated.

• Calculates the quality factor of the cluster member. The calculation of this quality factor is explained in the section Electing the active firewall.
• Interprets information about the status of HA (passive member restarting, availability tests on HA links, synchronization in progress, etc.),
• Decides when to swap statuses,
• Calls up various synchronization commands (configuration files, Active Update databases, etc.),
• Stated can be queried with statectl.

• Transports information about HA status.

• Manages periodic events.
• Makes it possible to launch periodic and regular synchronizations of certificates, DHCP leases, Vulnerability Manager information, and the status of monitored routers through other daemons such as SSHD.

Conducts liveness tests between members of the cluster.