Getting started

Products concerned: SNS 5.x

When a filter policy (filter and NAT rules) is applied, its rules are reloaded and existing connections are reassessed, in either synchronous or asynchronous mode.

Synchronous reloading is the default mode. When a filter policy is applied, connections are immediately reassessed to ensure that they comply with it. The duration of this operation depends on the number of connections found in the state table of the intrusion prevention system and on the number of filter rules in the applied policy. The operation may take as little as a few milliseconds. During this time, no traffic can pass through the firewall.

Asynchronous reloading has to be enabled by the administrator. In this mode, when a filter policy is applied, TCP and UDP connections are not reassessed immediately, but the next time they are used. This spreads the workload of the intrusion prevention system out over time. You can choose to enable asynchronous reloading if your network connection is slow or unstable when a filter policy is applied (particularly if the policy includes FQDN objects).
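As an added illustration (not Stormshield code; the rule format, connection table and counters are constructed for this model), the following Python applies a new policy to a table of established connections in both modes and counts how many entries are re-evaluated while traffic is held versus on next use:

```python
from collections import namedtuple
from dataclasses import dataclass
Rule = namedtuple("Rule", "action proto dport")   # action is "pass" or "block"

@dataclass
class Conn:
    proto: str
    dport: int
    policy_version: int   # policy version this entry was last assessed against
    allowed: bool = True

def evaluate(policy, conn):
    for rule in policy:                  # first matching rule wins
        if rule.proto == conn.proto and rule.dport == conn.dport:
            return rule.action == "pass"
    return False                         # no match: block (constructed default)

class StateTable:
    def __init__(self, policy):
        self.policy, self.version, self.conns, self.reassessments = policy, 1, {}, 0
    def open(self, cid, proto, dport):
        self.conns[cid] = c = Conn(proto, dport, self.version)
        c.allowed = evaluate(self.policy, c)
    def _reassess(self, c):
        c.allowed = evaluate(self.policy, c)
        c.policy_version = self.version
        self.reassessments += 1
    def apply_policy(self, policy, asynchronous):
        self.policy, self.version = policy, self.version + 1
        if not asynchronous:             # synchronous: every entry is re-evaluated now
            for c in self.conns.values():
                self._reassess(c)
        # asynchronous: nothing happens here; entries are re-evaluated on next use
    def packet(self, cid):
        c = self.conns[cid]
        if c.policy_version != self.version:   # stale verdict: re-evaluate lazily
            self._reassess(c)
        return c.allowed

def demo(asynchronous):
    old = [Rule("pass", "tcp", 443), Rule("pass", "udp", 53), Rule("pass", "tcp", 23)]
    new = [Rule("pass", "tcp", 443), Rule("pass", "udp", 53)]   # tcp/23 no longer allowed
    t = StateTable(old)
    for i in range(100):
        t.open(f"https-{i}", "tcp", 443)   # 100 established HTTPS sessions
    t.open("telnet", "tcp", 23)
    t.apply_policy(new, asynchronous)
    at_apply = t.reassessments             # re-evaluations done while traffic is held
    verdict = t.packet("telnet")           # next packet of the telnet session
    return at_apply, t.reassessments, verdict
```

In synchronous mode all 101 entries are re-evaluated at apply time; in asynchronous mode none are, and the telnet session is re-evaluated (and blocked) only when its next packet arrives, while idle entries keep their old verdict until they are used.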

This technical note describes how the asynchronous reloading of filter and NAT rules works, and how to implement it.

Date                Description
September 22, 2025  New document