MOVEit WAF units in a HA configuration use two protocols (CARP and Sync) to perform health checks and to synchronize the configuration between MOVEit WAF units.

CARP:

  • CARP is the HA protocol that MOVEit WAF uses.

  • Each HA unit provides health status updates to the other partner.
  • The health status updates are used by the standby MOVEit WAF to decide when it is appropriate to assume the active role.
  • On each interface, the Use for HA Checks option enables CARP requests to be sent over that interface. It can be enabled on multiple interfaces.
  • By default, MOVEit WAF uses multicast IP addresses (224.0.0.18) when sending CARP packets. Alternatively, when the Use Broadcast IP address option is enabled in the HA Parameters screen, MOVEit WAF uses the broadcast address (255.255.255.255) to send CARP packets.
  • CARP works in a similar way to Cisco's Virtual Router Redundancy Protocol (VRRP). For CARP to work between a pair of MOVEit WAF units, both MOVEit WAF units must be on the same broadcast domain.
Note: When CARP is used, packet analysis tools (such as Wireshark), incorrectly display the protocol used as Virtual Router Redundancy Protocol (VRRP). Any IP addresses displayed by the packet analysis tools are fictitious and are not part of the CARP protocol.

Sync:

  • Maintains a 'single image view' of the MOVEit WAF settings. It keeps MOVEit WAF up-to-date with changes made to Virtual Services and all other configurations.
  • Notable exceptions that are not synchronized are the time and the password for the bal user.
  • Keeps the standby MOVEit WAF updated on persistence updates.