FAQ-Why Are the Session Tables on the Active and Standby Firewalls Different

Publication Date:  2015-06-29 Views:  149 Downloads:  0
Issue Description
Why Are the Session Tables on the Active and Standby Firewalls Different?
Solution
Check the status of the heartbeat link. If the heartbeat link fails, the sessions on the active firewall cannot be synchronized to the standby firewall.

If the automatic session backup function is disabled, the sessions on the two firewalls are different. Even when the automatic session backup function is enabled, sessions are not synchronized in real time. Only when the sessions to be synchronized are detected by the session aging thread, the sessions are synchronized to the standby firewall. Therefore, established sessions are synchronized to the standby firewall after a period (about 10 seconds).

The firewalls do not back up sessions of the following types when the automatic session backup function is enabled:

     Sessions to the firewall

     Half-open TCP connections

     Sessions in which the first packets are UDP packets and subsequent packets are not (such as the BitTorrent packets)

END