Stateful HA

Stateful HA

When running a pair of UTM appliances the Stateful HA Upgrade allows your primary device to update the secondary with network connection information enabling immediate failover without loss of connections.

When running standard high availability failover is near instant but the state of connections is lost, Stateful HA removes this issue allowing the continuation of connections when your primary firewall fails.

There are no downloads available.

  • Active filters:

    • Wireless Firewallsx

    Stateful HA

    Stateful HA Upgrade for TZ500

  • How Does Stateful High Availability Work?


    Stateful High Availability is not load-balancing. It is an active-idle configuration where the Primary appliance handles all traffic.

    When Stateful High Availability is enabled, the Primary appliance actively communicates with the Backup to update most network connection information. As the Primary appliance creates and updates network connection information (VPN tunnels, active users, connection cache entries, etc.), it immediately informs the Backup appliance. This ensures that the Backup appliance is always ready to transition to the Active state without dropping any connections.


    The synchronization traffic is throttled to ensure that it does not interfere with regular network traffic. All configuration changes are performed on the Primary appliance and automatically propagated to the Backup appliance. The High Availability pair uses the same LAN and WAN IP addresses—regardless of which appliance is currently Active.


    When using SonicWALL Global Management System (GMS) to manage the appliances, GMS logs into the shared WAN IP address. In case of a failover, GMS administration continues seamlessly, and GMS administrators currently logged into the appliance will not be logged out, however Get and Post commands may result in a timeout with no reply returned.


    The following table lists the information that is synchronized and information that is not currently synchronized by Stateful High Availability.


    Information that is Synchronised Information that is not Synchronised
    VPN information Dynamic WAN clients (L2TP, PPPoE and PPTP)
    Basic connection cache Deep Packet Inspection (GAV, IPS and Anti Spyware)
    FTP SYNFlood protection information
    Oracle SQL *NET Content Filtering Service information
    Real Audio VoIP protocols
    RTSP Dynamic ARP entries and ARP cache timeouts
    GVC Information Active wireless client information
    Dynamic Address Objects Wireless client packet statistics
    DHCP server information Rogue AP list
    Multicast and IGMP  
    Active users  
    SonicPoint status  
    Wireless guest status  
    Licence information  
    Weighted Load Balancing information  
    RIP and OSPF information  
  • Downloads

    There are no downloads available.