Chapter 33 Device HA

33.6 Synchronization Overview

In a virtual router, backup routers do not automatically get configuration updates from the master router. The master ZyWALL can, however, send these updates to backup ZyWALLs. This is called synchronization.

During synchronization, the master ZyWALL sends the following information to the backup ZyWALL.

Startup configuration file (startup-config.conf)

AV signatures

IDP and application patrol signatures

System protect signatures

Certificates (My Certificates and Trusted Certificates)

Synchronization does not, however, change the VRRP groups or synchronization settings in the backup ZyWALL.

Synchronization affects the entire device configuration. You can only configure one set of settings for synchronization, regardless of how many VRRP groups you might configure. The ZyWALL uses Secure FTP (on a port number you can change) to synchronize, but it is still recommended that the backup ZyWALL synchronize with a master ZyWALL on a secure network.

Synchronization can be done either manually or on a regular schedule, and it is initiated by the backup ZyWALL. The following restrictions apply.

The backup ZyWALL must have at least one active VRRP group.

The backup ZyWALL cannot be the master in any active VRRP group. This refers to the actual role at the time of synchronization, not the Role setting in the VRRP group.

During synchronization, the backup ZyWALL checks to see if the incoming configuration is different from the existing configuration on the backup. If the incoming configuration is different, the backup ZyWALL applies the entire configuration. The incoming configuration is not applied if it is the same as the existing configuration on the backup.
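
The comparison described above can also be run by an administrator as an audit. The following Python check is an added example, not code from this guide or from the vendor: it compares configuration files exported from the master and the backup while ignoring the VRRP group and synchronization settings, which synchronization leaves unchanged. It assumes line-oriented text files; the `device-ha` prefixes and the sample statements are constructed placeholders, not syntax taken from this guide.

```python
import difflib

# Assumption (not from the guide): exported configurations are line-oriented
# text, and the VRRP group and synchronization settings that synchronization
# leaves unchanged on the backup start with these prefixes. Adjust as needed.
LOCAL_ONLY_PREFIXES = ("device-ha vrrp-group", "device-ha sync")

# Constructed sample exports; the statements are illustrative only.
MASTER = """\
hostname fw-a
device-ha vrrp-group lan
 role master
firewall rule 1 allow lan wan
firewall rule 2 deny any any
"""
BACKUP_SYNCED = """\
hostname fw-a
device-ha vrrp-group lan
 role backup
device-ha sync interval 60
firewall rule 1 allow lan wan
firewall rule 2 deny any any
"""
BACKUP_STALE = BACKUP_SYNCED.replace("firewall rule 2 deny any any\n", "")


def comparable_lines(config_text, local_only=LOCAL_ONLY_PREFIXES):
    """Drop blank lines, local-only statements and their indented children."""
    kept, skipping = [], False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        indented = line[0].isspace()
        if skipping and indented:
            continue  # child of a local-only statement
        skipping = not indented and line.startswith(local_only)
        if not skipping:
            kept.append(line)
    return kept


def config_drift(master_text, backup_text):
    """Return unified-diff lines; an empty list means no drift."""
    return list(difflib.unified_diff(
        comparable_lines(master_text), comparable_lines(backup_text),
        fromfile="master", tofile="backup", lineterm="", n=0))
```

A non-empty result after a completed synchronization shows which statements differ, for example a rule present on the master but missing on the backup.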

"The backup ZyWALL is not available while it applies the new configuration. This usually takes two or three minutes but can take longer depending on the configuration complexity.

33.6.1 Synchronization and Subscription Services

The backup ZyWALL must have its own (separate) licenses for services like IDP/AppPatrol, Anti-Virus, Content Filtering, and SSL VPN.

Backup ZyWALLs can only get updates for services to which they have subscribed. For example, if a backup ZyWALL is subscribed to IDP/AppPatrol, but not Anti-Virus, it gets IDP/AppPatrol updates from the master ZyWALL, but not Anti-Virus updates. It is highly recommended that you subscribe the backup ZyWALL to the same services as the master ZyWALL.


ZyWALL USG 1000 User’s Guide