hrp auto-sync

By default, the automatic backup of configuration commands and connection statuses of the FW is enabled, but the automatic backup of static routes and policy-based routes is disabled.

Application Scenarios

In hot standby networking, the configurations of security policies and NAT policies on the active and standby FWs must be consistent so that services on the active FW can be switched smoothly to the standby FW. In addition, packet forwarding-related entries, such as session entries and server-map entries on the active and standby FWs need to be consistent. Therefore, automatic backup of configuration commands and status entries must be enabled on both the active and standby FWs to maintain consistent configuration commands and status entries.

In hot standby networking where the FWs connect to switches in upstream and downstream directions, the FWs use static routes or policy-based routes. Generally, the next hops of the routes of the FW are the same and the outbound interfaces belong to the same broadcast domain. In this case, you are advised to enable automatic backup of static routes or policy-based routes to ensure that the routes of the active and standby FWs are the same. Otherwise, services may be interrupted after the active/standby switchover. In other cases, you are not advised to enable route backup. Otherwise, functions of the standby FW may be abnormal.

Configuration Impact

You can run the hrp auto-sync config command to enable the automatic backup function for configuration commands, but automatic backup of static routes and policy-based routes is unavailable. To enable automatic backup of static routes or policy-based routes, run the hrp auto-sync config static-route or hrp auto-sync config policy-based-route commands.

If no parameter is specified, the hrp auto-sync command can carry out automatic backup of configuration commands (except for automatic backup of static routes and policy-based routes) and connection status.

The command can be used only on the root system, but not on any virtual system. However, the configurations on the root system take effect for the root system and all virtual systems. After the command is run, the configurations and status entries of the root system and all virtual systems are automatically backed up.

Precautions

In mirroring mode, static routes and policy-based routes are automatically backed up. Therefore, you do not need to enable automatic backup of static routes and policy-based routes in mirroring mode.

Only IPv4, not IPv6, static routes can be automatically backed up.

When automatic session backup is enabled, aging session is not synchronized in real time. Only when the aging session thread detects a session and the session needs to be synchronized, the session is synchronized to the standby FW.

Automatic backup cannot be configured before the FWs establish the hot standby relationship. If two FWs have different configurations before they establish the hot standby relationship, the configuration differences still exist after the hot standby relationship is established. To eliminate these configuration differences, you need to run the hrp sync config command to forcibly implement configuration synchronization or manually change the configurations of the FWs to be consistent.

If the active FW restarts or is powered off, the standby FW takes services over from the active FW. If the standby FW has new configuration, the configuration will not be synchronized to the original active FW after the active FW recovers. You need to run the hrp sync config command to forcibly implement configuration synchronization or manually change the configurations of the FWs to be consistent.