Synchronization of System Runtime Information
End-of-Life (EoL)

The following table summarizes what system runtime information is synchronized between HA peers.

| Runtime Information | Config Synced? (A/P) | Config Synced? (A/A) | HA Link | Details |
|---|---|---|---|---|
| Management Plane | | | | |
| User to Group Mappings | Yes | Yes | HA1 | |
| User Mappings across Virtual Systems | Yes | Yes | HA1 | |
| User to IP Address Mappings | Yes | Yes | HA1 | In an A/A configuration, only the Active-Primary peer connects to User-ID Servers or Agents, and not the Active-Secondary peer. If the Active-Primary peer is Suspended or offline, the Active-Secondary peer connects to the User-ID Servers or Agents. |
| DHCP Lease (as server) | Yes | Yes | HA1 | If the PAN-OS versions on the HA peers don’t match, the DHCP Lease (as server) config information won’t sync. |
| DNS Cache | No | No | N/A | |
| FQDN Refresh | No | No | N/A | |
| IKE SAs [Security Associations] (phase 1) | No | No | N/A | |
| Forward Information Base (FIB) | Yes | No | HA1 | |
| Multicast FIB (MFIB) | Yes | No | HA1 | |
| PAN-DB URL Cache | Yes | No | HA1 | This is synchronized upon database backup to disk (every eight hours, when URL database version updates), or when the firewall reboots. |
| Content (manual sync) | Yes | Yes | HA1 | |
| PPPoE, PPPoE Lease | Yes | Yes | HA1 | |
| DHCP Client Settings and Lease | Yes | Yes | HA1 | If the PAN-OS versions on the HA peers don’t match, the DHCP Client Settings and Lease config information won’t sync. |
| SSL VPN Logged in User List | Yes | Yes | HA1 | |
| Dataplane | | | | |
| Session Table | Yes | Yes | HA2 | Active/passive peers do not sync ICMP or host session information. Active/active peers do not sync host session, multicast session, or BFD session information. A host session is a session terminated on one of the firewall interfaces, such as an ICMP session pinging one of the firewall interfaces or a GP tunnel. |
| Multicast Session Table | Yes | No | HA2 | |
| ARP Table | Yes | No | HA2 | |
| Neighbor Discovery (ND) Table | Yes | No | HA2 | |
| MAC Table | Yes | No | HA2 | |
| IPSec SAs [Security Associations] (phase 2) | Yes | Yes | HA2 | |
| IPSec Sequence Number (anti-replay) | Yes | Yes | HA2 | |
| DoS Block List Entries | No | No | N/A | |
| Virtual MAC | Yes | Yes | HA2 | |
| SCTP Associations | Yes | No | HA2 | |