This article will guide you to configure High Availability on the device SonicWall firewall.
– Before configuring you need to ensure the following requirements:
- Primary and Backup devices must be the same model, and SonicOS Enhanced firmware version.
- Both devices must be registered and linked as High Availability pair on MySonicWall before connecting them together.
- Disable PortShield and Native Bridge mode on both Primary and Backup devices.
- If the secondary device has any configuration, you should factory reset it.
+ Configure High Availability on Primary device
– On the SonicWall management interface, select Device and go to High Availability | Settings.
– Mode configuration “Active / Standby”.
– Check “Enable Stateful Synchronization”. Feature requires a license and will not work without one.
– Check “Enable Virtual MAC”. Virtual MAC allows Primary and Backup devices to share the same MAC address.
– In the HA Devices section, enter serial number of secondary equipment.
– In the HA Interfaces section, select HA Control Interface that you want.
– Select Accept to save the configuration.
– Now the Primary device will find the secondary device and start synchronizing firmware (if different) and configuration with the secondary device.
+ Configure Advanced High Availability Settings
– Select on the left High Availability | Advanced.
– The settings shown are the lowest recommended values. Lower values may cause unnecessary Failover, especially when the Sonicwall is under heavy load.
– When Stateful High Availability is not enabled, session state is not synchronized between Primary and Backup devices. If a failover occurs, any session that was in place at the time of the failover must be reset.
– Option Heartbeat Interval (seconds) controls the frequency of communication between two devices, which is the time interval between status checks. Default is 5000 milliseconds, lowest recommended value is 1000 milliseconds, lower may cause unnecessary Failover.
– Failover Trigger Level (missed heart beats) is the number of Heartbeats lost before triggering Failover. The default will be set to 5. This setting is associated with Heartbeat Interval, if you set Heartbeat Interval to 10 seconds and Failover Trigger Level to 5, there will be 50 seconds before the SonicWall Failover.
– Probe Interval control the path monitor, the path monitor will send a ping to the specified IP address to ensure the connection remains accessible. The default value is 20 seconds and the allowed range is from 5 to 255 seconds.
– Election Delay Time can be used to specify the amount of time that SonicWall will wait to consider the connection established, used when the switch is set to spanning-tree delay.
+ High Availability configuration | Monitoring settings
– In High Availability | Monitoring, you can configure the management IP address for both devices in HA Pair, allowing login to each device independently. Primary IP Address and Backup IP Address must be configured with independent IP addresses.
– You can configure Logical/Probe IP address for Sonicwall to monitor a trusted device. If the Active device loses connection to this device, Failover will be triggered.
!!! Thank you for following the article!!!
Xem tiếp...