High Availability
1173
SonicOS 5.8.1 Administrator Guide
Additional Parameters in TSR
You can tell that Active/Active UTM is correctly configured on your Stateful HA pair by
generating a Tech Support Report on the System > Diagnostics page. The following
configuration parameters should appear with their correct values in the Tech Support Report:
• Enable Active/Active UTM
• HA Data Interface configuration
To generate a TSR for this purpose:
Step 1 Log into the Stateful HA pair using the shared IP address.
Step 2 Navigate to the System > Diagnostics page.
Step 3 Under Tech Support Report, click Download Report.
Responses to DPI UTM Matches
Responses, or actions, are always sent out from the active unit of the Stateful HA pair running
Active/Active UTM when DPI UTM matches are found in network traffic. Note that this does not
indicate that all the processing was performed on the active unit.
Deep Packet Inspection discovers network traffic that matches virus attachments, IPS
signatures, Application Firewall policies, and other malware. When a match is made, SonicOS
Enhanced performs an action such as dropping the packet or resetting the TCP connection.
Some DPI match actions inject additional TCP packets into the existing stream. For example,
when an SMTP session carries a virus attachment, SonicOS sends the SMTP client a “552”
error response code, with a message saying “the email attachment contains a virus.” A TCP
reset follows the error response code and the connection is terminated.
These additional TCP packets are generated as a result of the DPI UTM processing on the idle
firewall. The generated packets are sent to the active firewall over the HA data interface, and
are sent out from the active firewall as if the processing occurred on the active firewall. This
ensures seamless operation and it appears as if the DPI UTM processing was done on the
active firewall.
Logging
If DPI UTM processing on the idle firewall results in a DPI match action as described above,
then the action is logged on the active unit of the Stateful HA pair, rather than on the idle unit
where the match action was detected. This does not indicate that all the processing was
performed on the active unit.