Unable access High availability idle device using monitoring IP address
Description
We cannot access High availability idle device using monitoring IP address in some cases when we are accessing the idle device monitoring IP from different interface consisting of different subnet mask than the monitoring IP. This article describes adding necessary rules to get access to the standby/idle unit using it's monitoring IP.
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Create below NAT policies on High Availability Active device in order to access ideal device using monitoring IP address:
- Click Policy in the top navigation menu.
- Click Rules and Policies| NAT Rules.
- Click the Add button at the bottom of the page and a pop-up window will appear.
- For the NAT rule to access primary monitoring IP, select the fields as below on the Original and translated tabs. Leave all fields on the Advanced/Actions tab as default. Click on Add to add the NAT Policy to the SonicWall NAT Policy Table.
Original source: Any
Translated source: HF Backup X0 IP
Original Destination: HF Primary X0 IP
Translated Destination: Original
Original Service: Any (ICMP/HTTP management/HTTPS management)
Translated Service: Original
Inbound Interface: Any
Outbound Interface: X0
For the NAT rule to access secondary monitoring IP, select the fields as below on the Original and translated tabs. Leave all fields on the Advanced/Actions tab as default. Click on Add to add the NAT Policy to the SonicWall NAT Policy Table.
Original source: Any
Translated source: HF Primary X0 IP
Original Destination: HF Backup X0 IP
Translated Destination: Original
Original Service: Any (ICMP/HTTP management/HTTPS management)
Translated Destination: Original
Inbound Interface: Any
Outbound Interface: X0
NOTE: If you want to be very much specific about the services; then you can choose ICMP/ HTTP Management/ HTTPs Management or add them in a group and select it under Original Service in the NAT rule instead of leaving it to Any.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Click Manage in the top navigation menu.
- Click Rules | NAT Policies.
- Click the Add a new NAT Policy button and a pop-up window will appear.
- For the NAT rule to access primary monitoring IP, select the fields as below on the Original and translated tabs. Leave all fields on the Advanced tab as default. Click on Add to add the NAT Policy to the SonicWall NAT Policy Table.
Original source: Any
Translated source: HF Backup X0 IP
Original Destination: HF Primary X0 IP
Translated Destination: Original
Original Service: Any (ICMP/HTTP management/HTTPS management)
Translated Service: Original
Inbound Interface: Any
Outbound Interface: X0
For the NAT rule to access secondary monitoring IP, select the fields as below on the Original and translated tabs. Leave all fields on the Advanced tab as default. Click on Add to add the NAT Policy to the SonicWall NAT Policy Table.
Original source: Any
Translated source: HF Primary X0 IP
Original Destination: HF Backup X0 IP
Translated Destination: Original
Original Service: Any (ICMP/HTTP management/HTTPS management)
Translated Destination: Original
Inbound Interface: Any
Outbound Interface: X0
NOTE: If you want to be very much specific about the services; then you can choose ICMP, HTTP Management, HTTPs Management or add them in a group and select it under Original Service in the NAT rule instead of leaving it to Any.