How it works

Asynchronous reloading distributes the workload of the intrusion prevention system over time, and speeds up the application of a new filter policy (filter and NAT rules).

Asynchronous reloading supports most filter policy change operations such as:

• Administrator manually changing the filter policy,

• Automatic application of filter policies after an object database has been updated, especially when FQDN objects are used,

• Automatic reapplication of filter policies after the time has been changed, when time objects are used.

Asynchronous reloading is ignored when:

• Traffic is reassessed: Ethernet connections, IPState connection table (GRE, ESP protocols, etc.), SCTP association,

• The filter policy is changed due to a change in the network configuration,

• A configuration is restored,

• Connections on the passive firewall are reassessed after the configuration is synchronized in a high availability (HA) cluster.

Asynchronous reloading does not apply to configurations that are deployed by the SMC server on firewalls. For more information, see the section Deploying a configuration on firewalls in the SMC administration guide.