Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dj0Nz
Advisor
Jump to solution

Maestro Sync Question

Hi Mates,

received two Maestro Sync questions I'm unsure with (maybe silly questions):

  1. In Dual room setup, if Sync goes down, only first MHO is processing traffic right?
  2. Is it possible to configure Sync redundancy (second link or bonding) in Dual Room single site with two MHO-175 (R81.10)?

Thank you very much!

Bye

Michael

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

The Sync interface between Dual MHO's is used for configuration sync operations only, so that if a configuration change is made on one of them it will also be made on the other.  That is it, there is no state table sync or anything else going on that will immediately impact the operation of the MHOs if the Sync interface goes down.  So if the Sync interface goes down both MHO's will continue to pass traffic normally, although if a config change is made on one MHO and not propagated to the other in this state it could definitely cause traffic handling issues.

Yes you can have redundant Sync interfaces, you'd just need to change the type of the second port from whatever it is to type "Sync".  Depending on the Orchestrator model there may be restrictions about what physical ports can be reassigned to be for Sync.  There’s no need to manually create a Bond interface as it will be created automatically by the Orchestrator when the second Sync interface is defined. The bond link aggregation will operate in XOR mode.

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com

View solution in original post

2 Replies
Timothy_Hall
Champion
Champion

The Sync interface between Dual MHO's is used for configuration sync operations only, so that if a configuration change is made on one of them it will also be made on the other.  That is it, there is no state table sync or anything else going on that will immediately impact the operation of the MHOs if the Sync interface goes down.  So if the Sync interface goes down both MHO's will continue to pass traffic normally, although if a config change is made on one MHO and not propagated to the other in this state it could definitely cause traffic handling issues.

Yes you can have redundant Sync interfaces, you'd just need to change the type of the second port from whatever it is to type "Sync".  Depending on the Orchestrator model there may be restrictions about what physical ports can be reassigned to be for Sync.  There’s no need to manually create a Bond interface as it will be created automatically by the Orchestrator when the second Sync interface is defined. The bond link aggregation will operate in XOR mode.

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com
dj0Nz
Advisor

Ah yes, now that you mention it, indeed that was a topic in one of the workshops but I wasn't sure any more. Thank your very much for explaining!

Bye
Michael

0 Kudos