Updates For Anti-Virus/Anti-Bot/Application Control/URL Filtering blades are not working on standby ClusterXL member
Environment: Failover Behavior for IPS blade is set to "Prefer Security".
IPS information for most protocols is not synced between the members. For this reason, if a failover occurs, it is more secure to drop this connection rather than keep it.
In other words, when a failover happens between the members, the new active member doesn't have the data the IPS engine collected so far about this connection. If, for example, an attack took place on a certain connection and divided into 4 packets, and 3 were accepted on the first active member. At this point a failover occurs, the new active member will not have the data of the first 3 packets but only receive the 4th packet, hence it will be more secure to terminate the connection rather than keep it alive.