Why are session states synchronized with high availability? Like my title says, why are session states synchronized between peers in most HA protocols? I assume TCP states like Established, Invalid, New and Related are synchronized, but I don't get why you want to have that synchronized between peers, since a firewall has nothing to do with a TCP flow between 2 peers?

> ... since a firewall has nothing to do with a TCP flow between 2 peers?

A stateful firewall has a state for each TCP connection and will only allow packets matching this state to be valid in the context of this TCP connection - and only valid packets will be passed through. "Valid" does not only mean that there is an established connection but also that the sequence numbers of the packets match the range of expected sequence numbers.

These expected sequence numbers are part of the state of the connection and they change whenever new packets for the connection get passed. As such, these states have to be regularly synchronized between firewall peers inside an HA cluster.
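
The failover behaviour described in the answer above, as an added example that is not part of the original post: a simplified model of a stateful firewall's connection table, tracking only the client-to-server direction. The `Firewall` class, the fixed `WINDOW` and the sample flow are assumptions made for illustration, not any vendor's implementation.

```python
from dataclasses import dataclass, replace

WINDOW = 65535  # assumption: fixed acceptance window; real firewalls track the advertised one

@dataclass
class ConnState:
    state: str      # "NEW" or "ESTABLISHED"
    next_seq: int   # next sequence number expected from the client

class Firewall:
    def __init__(self):
        self.table = {}  # flow 4-tuple -> ConnState

    def inspect(self, flow, flags, seq, length=0):
        """Return 'ACCEPT' or 'DROP' for one client->server segment."""
        entry = self.table.get(flow)
        if entry is None:
            if flags == "SYN":  # only a SYN may create new state
                self.table[flow] = ConnState("NEW", (seq + 1) % 2**32)
                return "ACCEPT"
            return "DROP"  # mid-stream segment with no state is invalid
        offset = (seq - entry.next_seq) % 2**32
        if offset >= WINDOW:
            return "DROP"  # sequence number outside the expected range
        entry.state = "ESTABLISHED"
        entry.next_seq = (seq + length) % 2**32  # state changes with every packet
        return "ACCEPT"

    def sync_to(self, peer):
        """HA state sync: copy every connection entry to the standby peer."""
        peer.table = {flow: replace(e) for flow, e in self.table.items()}

def failover_demo(sync, bytes_after_sync=0):
    """Verdict of the standby for the first segment it sees after failover."""
    flow = ("10.0.0.5", 40000, "192.0.2.10", 443)  # constructed sample flow
    active, standby = Firewall(), Firewall()
    active.inspect(flow, "SYN", 1000)
    active.inspect(flow, "ACK", 1001)
    if sync:
        active.sync_to(standby)
    seq = 1001
    for _ in range(bytes_after_sync // 1000):  # traffic the standby never hears about
        active.inspect(flow, "ACK", seq, 1000)
        seq += 1000
    # The active unit fails here; the next segment arrives at the standby.
    return standby.inspect(flow, "ACK", seq, 1000)
```

Without any sync the standby drops the established connection, and a sync that is too old has the same effect once the connection has advanced past the window the standby still expects.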