What are the differences between automatic session backup and quick session backup


The differences between quick session backup and automatic session backup are as follows:
- In quick session backup, sessions are synchronized to the standby firewall immediately after being set up. In automatic session backup, only sessions that require backup and are detected by the session aging thread are synchronized to the standby firewall.
- The quick session backup function can back up half-open TCP sessions and sessions to the firewall.

If the forward and return paths are different, enable quick session backup to ensure that the sessions on the two firewalls are the same.

Other related questions:
Problem and solution when TCP services are interrupted intermittently when fast backup is enabled on the USG and incoming and outgoing packets are forwarded by active and standby USGs?
If the TCP SYN packet passes through one firewall in hot standby networking and the SYN-ACK packet passes through the other one, but the session table is not yet backed up, the SYN-ACK packet is discarded due to a status error. When incoming and outgoing packet paths are different and the traffic is relatively heavy, certain services may be interrupted intermittently due to backup delay. If this severely affects services, disable link status check.

What Is the Difference Between Backup and Replication?

A backup operation stores data of an EVS disk to the local backup storage.

A replication operation copies backups (generated in backup operations, used to restore EVS disk data), and stores the backup copies to the remote backup storage. When the local backups are corrupted, the remote backup copies can be used instead to restore EVS disk data.


Why are TCP services interrupted when quick session backup is enabled in case of inconsistent forward and return paths
In case of inconsistent forward and return paths, the synchronization may fail or be delayed due to traffic bursts, resulting in service delay or interruption. For example, one firewall forwards TCP SYN packets, and the other forwards TCP ACK packets. If the session table is not synchronized, ACK packets may be discarded. If this condition has a great impact on services, disable stateful inspection on the firewall.
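The behaviour described in the quick versus automatic backup comparison and in the two answers on inconsistent forward and return paths can be reproduced with a small model. This is an added example, not Huawei code: the `Firewall` class, the `handshake` function, the tick-based delay and the sample flow are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    name: str
    state_check: bool = True                      # stateful (link status) check
    sessions: dict = field(default_factory=dict)  # flow -> TCP state
    inbox: list = field(default_factory=list)     # (deliver_at, flow, state) from peer

    def apply_backups(self, now):
        """Install backup entries from the peer whose delivery time has come."""
        for item in [i for i in self.inbox if i[0] <= now]:
            self.sessions[item[1]] = item[2]
            self.inbox.remove(item)

def handle(fw, peer, flow, flag, now, mode, delay):
    """Process one TCP packet on fw and return 'forward' or 'drop'."""
    fw.apply_backups(now)
    if flag == "SYN":
        fw.sessions[flow] = "half-open"
    elif flow in fw.sessions:
        if flag == "ACK":
            fw.sessions[flow] = "established"
    elif fw.state_check:
        return "drop"       # non-SYN packet without a session: status error
    else:
        return "forward"    # check disabled: forwarded without a session
    # Quick backup: synchronize right after setup, half-open sessions included.
    # Automatic backup: only established sessions, picked up by the aging
    # thread on its next scan (modelled here as one extra tick).
    state = fw.sessions[flow]
    if mode == "quick" or state == "established":
        lag = delay if mode == "quick" else delay + 1
        peer.inbox.append((now + lag, flow, state))
    return "forward"

def handshake(mode, delay=0, state_check=True):
    """SYN and ACK cross FW_A, SYN-ACK crosses FW_B (different paths)."""
    a, b = Firewall("FW_A", state_check), Firewall("FW_B", state_check)
    flow = ("10.0.0.5", 40000, "192.0.2.10", 443)   # constructed sample flow
    path = [(a, b, "SYN"), (b, a, "SYN-ACK"), (a, b, "ACK")]
    results = []
    for t, (fw, peer, flag) in enumerate(path):
        results.append(handle(fw, peer, flow, flag, t, mode, delay))
        if results[-1] == "drop":
            break           # the handshake stalls at the first drop
    return results
```

`handshake("quick")` completes, `handshake("auto")` and `handshake("quick", delay=2)` stall at the SYN-ACK, and `handshake("quick", delay=2, state_check=False)` completes because the standby no longer requires a matching session.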

Configuring automatic backup on the firewall
Run the hrp auto-sync [ config [ static-route ] | connection-status ] command in the system view. By default, the automatic backup function of the firewall is enabled, but the automatic backup function of static routes is disabled. You can run the hrp auto-sync config command to enable the automatic backup function (except for automatic backup of static routes). To enable automatic backup of static routes, run the hrp auto-sync config static-route command. Only IPv4, not IPv6, static routes can be automatically backed up.

Method used to configure interworking between BFD sessions and the two-node cluster hot backup on the USG firewall
The VGMP management group is the core of the two-node cluster hot backup. It determines the active/standby state of a device. By means of interworking between BFD sessions and the two-node cluster hot backup, the VGMP management group monitors static BFD sessions, and the priority of the VGMP management group varies depending on the BFD session state. In this way, the active/standby switchover between devices is triggered. This case describes key configuration for the interworking between BFD sessions and the two-node cluster hot backup using active/standby two-node cluster hot backup as an example.

1. Establish the two-node cluster hot backup on two devices.

2. On USG_A and Router_A, create BFD sessions.
   # On USG_A, configure BFD session 1, and set the peer IP address to 1.1.1.2, local identifier to 10, and remote identifier to 20.
   HRP_A[USG_A] bfd
   HRP_A[USG_A-bfd] quit
   HRP_A[USG_A] bfd 1 bind peer-ip 1.1.1.2
   HRP_A[USG_A-bfd-session-1] discriminator local 10
   HRP_A[USG_A-bfd-session-1] discriminator remote 20
   HRP_A[USG_A-bfd-session-1] commit
   HRP_A[USG_A-bfd-session-1] quit
   # On Router_A, configure BFD session 1, and set the peer IP address to 10.100.30.2, local identifier to 20, and remote identifier to 10.

3. On USG_A, configure the interworking between BFD sessions and the two-node cluster hot backup.
   HRP_A[USG_A] hrp track bfd-session 10 master

4. On USG_B and Router_B, create BFD sessions.
   # On USG_B, configure BFD session 1, and set the peer IP address to 2.2.2.2, local identifier to 10, and remote identifier to 20.
   HRP_S[USG_B] bfd
   HRP_S[USG_B-bfd] quit
   HRP_S[USG_B] bfd 1 bind peer-ip 2.2.2.2
   HRP_S[USG_B-bfd-session-1] discriminator local 10
   HRP_S[USG_B-bfd-session-1] discriminator remote 20
   HRP_S[USG_B-bfd-session-1] commit
   HRP_S[USG_B-bfd-session-1] quit
   # On Router_B, configure BFD session 1, and set the peer IP address to 10.100.40.2, local identifier to 20, and remote identifier to 10.

5. On USG_A, configure the interworking between BFD sessions and the two-node cluster hot backup.
   HRP_S[USG_B] hrp track bfd-session 10 slave

Note: The USG6000 configuration must be consistent with the key configuration of the USG2000&5000. This case takes the USG2000&5000 as an example to describe the configuration. You can learn the USG6000 configuration in other configurations. For specific configurations, click Method used to configure interworking between BFD sessions and the two-node cluster hot backup client on the USG firewall.
