10/28/2021 13 People found this article helpful 457,993 Views
You can notice by logging to the Idle / Standby unit that it cannot reach Internet, the licensing servers or any host located behind the SonicWall.
If you are going to System | Diagnostic | Check Network Settings, tick all boxes then click Test All Selected all options will come back red.
In a "best practice" environment where the HA pair is connected with the HA link, but connected as well into the same WAN switch and the same LAN switch. The switchports in the WAN switch where both X1 connect will be configured in the same VLAN. Same applies for X0 on the LAN switch.
In the below example, both X1 of the Primary and Secondary are connected to switchports Fa0/3 and Fa0/4 on the WAN switch. Both are configured in the VLAN ID 10.
The same way, both X0 interfaces are connected to the same LAN switch on the switchports Fa0/5 and Fa0/6, configured in the VLAN ID 20.
There are some switch models that are able to learn only one MAC address per VLAN, from the switchport where the Active appliance is connected.
The MAC address that is learned is the one displayed in the High Availability |Monitoring |Interface X | Monitoring Settings | Virtual MAC.
That will happen with or without the Virtual MAC option enabled, that allows the HA pair to share the same virtual MAC address on each interface.
NOTE: This will only cause issues while troubleshooting from the Idle / Standby appliance, or to register it the first time or after a factory default because in an HA setup we only really need one appliance connected to Internet.
By failing over, the Secondary will become the active appliance and the Primary as Idle / Standby unit is the one that won't be able to pass traffic, LAN and WAN side.