When I go to Monitor > Session Browser I still see active connections on the pasive peer. I verified it is truly the passive firewall and the other is active and that its supposed to be in Active/Passive mode in the HA configuration. Running the show session all command reveals the same thing. All time stamps are current.
so that if/when the firewalls fail over, the sessions are continued.
the traffic/session info is replicated over the HA link.
Just check the network interfaces of the passive. they will be down. (Red)
@MarioMarquez, the passive firewall is not exactly passing the traffic. You can still see the active connections only because of the session synchronization between the HA pair firewalls.
In the active/passive configuration, you can find all other sessions except for ICMP sessions if you observe keenly.
In the active/active configuration, ICMP, Host sessions & Multicast sessions are not synchronized.
This session synchronization helps in avoiding any loss of service, in case of any hardware/software disruption occurs.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!