High Availability (HA) sync is supported for inbound,
decrypted SSL sessions, if the sessions were established using non-PFS
key exchange algorithms.
The firewall supports High Availability (HA) sync only
for inbound, decrypted SSL sessions, and only if the sessions were
established using non-PFS key exchange algorithms. The firewall does
not support HA sync for any other decrypted traffic. The firewall
decrypts new sessions that start after the failover based on Decryption
policy.
The following table shows HA sync support for decrypted sessions
after a failover: