3 Managing EFW Devices Using the Policy Servers

Heartbeat and audit information is sent to the server from which the NIC has last heard, which means that no audit or heartbeats are sent until a server responds to a wake-up. These messages could be lost if the server is not available or reachable due to network problems. A NIC does not retry these messages.

Therefore, if you have assigned backup Policy Servers for all of your primary Policy Servers, as long as one Policy Server remains online, there is no interruption to normal EFW operations.

If you take all of your Policy Servers offline, there is no impact to the ongoing policy enforcement of the EFW devices in the domain, but heartbeat information and audit records are lost for this time period. Machines that are rebooted implement their fallback mode until a server comes back online.

Configuring Policy Servers for Redundancy

Policy Servers can be configured redundantly for high availability. Currently, up to three redundant Policy Servers can be deployed in a single EFW domain. A Policy Server can specify a second Policy Server to serve as a backup Policy Server if the primary server is unavailable. If desired, a third Policy Server can also be specified in case neither the primary nor backup servers are available.

Most system data is replicated across all Policy Servers in an EFW domain. This replication happens regardless of whether any Policy Servers have assigned backup Policy Servers. You may, therefore, connect via the Management Console to any Policy Server and perform configuration and policy actions on any EFW device in the domain, regardless of its primary or backup Policy Server assignments. Either the primary Policy Server or a backup server for that Policy Server distributes the new policy to the device, but you do not need to be connected to one of these Policy Servers to request the distribution of this change.

Heartbeat information is replicated periodically, rather than immediately. The most up-to-date information about an EFW device can be found by connecting the Management Console to its primary Policy Server, rather than to another Policy Server in the EFW domain. However, because the time period for replication is relatively short, this periodic replication will not be an issue in most operational circumstances.

Although audit records are not replicated across Policy Servers, audit query results automatically include records found on other servers (if requested), regardless of the Policy Server to which you are connected when executing the query.

NOTE: For troubleshooting purposes, the list of IP addresses that a secured computer attempts to contact can be found on that computer in a file called embdfw.ini in the System or System32 folder.

NOTE: The EFW system allows one minute for the primary Policy Server to reply to a NIC boot-up before the secured computer attempts to contact any backup Policy Servers.