System components involved in high availability

Several daemons and processes perform various tasks in the high availability mechanism.

Intrusion prevention management engine

Synchronizes:

  • TCP and UDP connection tables,
  • Host tables,
  • Tables of users authenticated on the firewall,
  • Status tables exclusively for FTP and SIP protocols,
  • Changes to the status of router objects,
  • IPState connection tables (GRE / ESP),
  • SCTP associations.
Serverd
  • Manages HA setup,
  • Provides the initial connection between both firewalls to finalize the creation of the cluster,
  • Manages changes to the weights of interfaces.
Gatewayd

Internal messaging system.

Both firewalls continuously exchange messages to replicate the tunnels defined in an IKEv2 only IPSec policy or a combination of IKEv1 / IKEv2.

When an active IPSec policy contains only IKEv1 tunnels, they will not be replicated.

Stated
  • Calculates the quality factor of the cluster member. The calculation of this quality factor is explained in the section Electing the active firewall.
  • Interprets information about the status of HA (passive member restarting, availability tests on HA links, synchronization in progress, etc.),
  • Decides when to swap statuses,
  • Calls up various synchronization commands (configuration files, Active Update databases, etc.),
  • Stated can be queried with statectl.
Corosync
  • Transports information about HA status.
Sshd / Rsync Staggers the synchronization of configuration files and Active Update databases through SSH.
Sshd / ldap Synchronizes changes made to the internal LDAP directory in real time through SSH.
Eventd
  • Manages periodic events.
  • Makes it possible to launch periodic and regular synchronizations of certificates, DHCP leases, Vulnerability Manager information, and the status of monitored routers through other daemons such as SSHD.
Alived - ICMP

Conducts liveness tests between members of the cluster.

Arpsync

Sends gratuitous ARP requests (periodically or during a swap).

Using CLI/Serverd commands in HA

The CLI / Serverd commands CONFIG HA and HA make it possible to configure and control HA through the CLI console of the web administration interface.

These commands are explained in detail in the CLI SERVERD Commands Reference Guide (CONFIG HA and HA menus).