Table of Contents
Advertisement
Chapter 33 Device HA
33.6 Synchronization Overview
In a virtual router, backup routers do not automatically get configuration updates from the
master router. In this case, the master ZyWALL can send these updates to backup ZyWALLs.
This is called synchronization.
During synchronization, the master ZyWALL sends the following information to the backup
ZyWALL.
• Startup configuration file (startup-config.conf)
• AV signatures
• IDP and application patrol signatures
• System protect signatures
• Certificates (My Certificates, and Trusted Certificates)
Synchronization does not change the VRRP groups or synchronization settings in the backup
ZyWALL, however.
Synchronization affects the entire device configuration. You can only configure one set of
settings for synchronization, regardless of how many VRRP groups you might configure. The
ZyWALL uses Secure FTP (on a port number you can change) to synchronize, but it is still
recommended that the backup ZyWALL synchronize with a master ZyWALL on a secure
network.
Synchronization can be either done manually or scheduled regularly, and it is initiated by the
backup ZyWALL. The following restrictions apply.
• The backup ZyWALL must have at least one active VRRP group.
• The backup ZyWALL cannot be the master in any active VRRP group. This refers to the
actual role at the time of synchronization, not the Role setting in the VRRP group.
During synchronization, the backup ZyWALL checks to see if the incoming configuration is
different from the existing configuration on the backup. If the incoming configuration is
different, the backup ZyWALL applies the entire configuration. The incoming configuration is
not applied if it is the same as the existing configuration on the backup.
The backup ZyWALL is not available while it applies the new configuration.
This usually takes two or three minutes but can take longer depending on the
configuration complexity.
33.6.1 Synchronization and Subscription Services
The backup ZyWALL must have its own (separate) licenses for services like IDP/AppPatrol,
Anti-Virus, Content Filtering, and SSL VPN.
Backup ZyWALLs can only get updates for services to which they have subscribed. For
example, if a backup ZyWALL is subscribed to IDP/AppPatrol, but not Anti-Virus, it gets
IDP/AppPatrol updates from the master ZyWALL, but not Anti-Virus updates. It is highly
recommended that you subscribe the backup ZyWALL to the same services as you subscribe
the master ZyWALL.
500
ZyWALL USG 1000 User's Guide
Advertisement
Table of Contents
Troubleshooting
