W
EB
F
ILTER
I
NTRODUCTORY
S
ECTION
C
HAPTER
3: S
YNCHRONIZING
M
ULTIPLE
U
NITS
46
M86 S
ECURITY
U
SER
G
UIDE
should receive its running filter configuration in the event of
a reboot.
WARNING
: If a Web Filter server is set up in the Target mode
with a NAT device between the target and source server, be sure
that ports 26262 and 26268 are open on the target server. This
setup is required so that the target server can communicate with
the source server.
Types of Synchronization Processes
Synchronization involves two types of processes: filtering
profile synchronization, and library synchronization.
Filtering Profile Synchronization Process
In the filtering profile synchronization process, if a filtering
change is made on the source server—whether the update
is a global, IP, LDAP, minimum filtering bypass activation, or
user profile update—the change is applied locally. Once
locally applied on the source server, this update is sent to all
target Web Filters. Each target server will then immediately
apply this filtering change. The result is that profile updates
occur on all Web Filter units in near real time.
In the event that a target server is unable to communicate
with the source server, the target server will continue to run
the last known configuration it received from the source
server. The only exception to this scenario is that active
profiles—such as LDAP or override accounts—will not run
on the target server, since active profiles are timed out after
a specified period of time. However, all IP based filters—
such as the minimum filtering level, and the global rule that
was last received from the source server—will be applied.
When the target server resumes communication with the
source server, it will actively download and apply the latest
running configuration from the source server.