Connection information of the traffic running on a given tier-0 SR (Service Router) is synchronized to its peer tier-0 SR in active-standby or stateful active-active HA modes. Note that stateful active-active mode is only available starting with NSX 4.0.1.1.
In NSX 4.0.0.1, note the following about state synchronization:
- State synchronization is supported for Gateway Firewall, Identity Firewall, NAT, IPSec VPN, and DHCP.
- If new sessions were going through a tier-0 SR just before a failover, it might happen that those sessions were not synchronized on the associated tier-0 SR and potentially affect the traffic for those sessions.
Starting with NSX 4.0.1.1, note the following about state synchronization:
- In active-standby mode, state synchronization is supported for Gateway Firewall, Identity Firewall, NAT, IPSec VPN, and DHCP.
- In active-active mode, state synchronization is supported for Gateway Firewall, Identity Firewall, and NAT. IPSec VPN is not supported.
- If new sessions were going through a tier-0 SR just before a failover, it might happen that those sessions were not synchronized on the associated tier-0 SR and potentially affect the traffic for those sessions.