19.3. States Sync¶

You can find the High Availability Settings at System → High Availability.

It can be found starting with the Firewall State Sync Box. You can enable or disable the entire sync.

High Availability States Synchronization

Syncinterface is the interface the states updates are published to. The states are sent as a multicast and received by all clients in that network. They are also unencrypted.

A firewall rule will automatically be generated when you enable this option. The States Sync must be enabled on all (master, slaves) VT AIR that participate in the HA Setup.

It contains all firewall state information and they will be automatically added to all VT AIR that have the option enabled.

States of the other firewall are first saved to a special external states cache and no directly applied to the state table. This allows for faster and easier Synchronization of the states as long as they are not used. As soon as a VRRP failover happens, all states are applied to the firewalls state table.

States and External States can be seen in the States Diagnostics at Diagnostics → States. External States can also be seen with the shell command conntrackd -e.