Information Synchronized in an Active-Passive HA Pair

Created On 09/25/18 19:22 PM - Last Modified 07/02/23 10:36 AM


Resolution


For more up-to-date information on HA synchronization, see: Reference: HA Synchronization

Overview

This document explains the information synchronized between High Availability (HA) pair members and applies to Active-Passive deployments.

 

Details

Control Plane Synchronization over HA1 Link

  • Configuration: Configuration changes made on either the active or the passive unit are synchronized to the peer device
  • Tabs Synchronized: Policy, Objects and Network
  • All certificates are synchronized except the Web Certificate

 

Dataplane Synchronization over HA2 Link

  • Session states
  • IPSec SAs
  • MAC Tables
  • Neighbor Discovery Table
  • IPv(4/6) return MAC
  • HA2 Monitor Message
  • ARP tables

 

Verify what gets synchronized over the HA2 link using the command below:

> show high-availability state-synchronization

 

Objects Not Synchronized

  • Under Network, interface-specific parameters (such as link speed and link duplex) are not synchronized
  • Application Command Center (ACC) and log data are not synchronized
  • Web Certificates
  • Log Link configuration is not synchronized between HA peers. (See: How Does the Log Link Feature Work?)

 

Note: Device > Objects under the Device Tab are synchronized selectively. Refer to Synchronization of System Runtime Information for the complete list of objects that are synchronized.

 

CLI commands to perform a commit sync manually

  • Synchronize Running Configuration

    > request high-availability sync-to-remote running-config

  • Force the system to synchronize objects that are not saved as part of the system configuration, for example custom block and logon pages. This process operates over the HA control link.

    > request high-availability sync-to-remote disk-state

  • Manually sync the runtime session state. This is normally done automatically, but if needed this command can be executed to force synchronization of the session table.

    > request high-availability sync-to-remote runtime-state

 



Additional Information


HA Synchronization
