SonicOS 7.1 High Availability Administration Guide
- SonicOS 7.1
- About SonicOS
- High Availability
- High Availability Status
- Configuring High Availability
- Configuring High Availability in the Cloud Platform
- Set up an Active/Standby High Availability Configuration Using Azure
- Install the Custom Template
- Enable Identity of Both Virtual Machines (HA1 and HA2)
- Role Assignment
- Check the Networking Tab
- Configuring Active NSv Firewall Using the Associated Public IP
- Configuring Standby NSv Firewall Using the Associated Public IP
- Enable the L3 Mode
- Configuring Active NSv Firewall Using the Floating Public IP
- Configuring HA to Active/Standby with L3 HA link
- Adding Additional Floating Public IP
- Set up an Active/Standby High Availability Configuration Using Azure
- Fine Tuning High Availability
- Monitoring High Availability
- Azure Use Cases
- SonicWall Support
Configuring Active/Standby High Availability Settings
The configuration tasks on DEVICE | High Availability > Settings are performed on the Primary firewall and then are automatically synchronized to the Secondary firewall.
To configure Active/Standby
- Navigate to DEVICE | High Availability > Settings.
- In GENERAL SETTINGS section, do the following:
- Select Active / Standby from the Mode drop-down field.
(Optional) If Licensed, select Enable Stateful Synchronization. This option is not selected by default.
When Stateful High Availability is not enabled, session state is not synchronized between the Primary and Secondary firewalls. If a failover occurs, any session that had been active at the time of failover needs to be renegotiated.
(Optional) Click OK in the information dialog displayed.
(Optional) To configure the High Availability Pair so that the Primary firewall takes back the Primary role when it restarts after a failure, select Enable Preempt Mode. This option is not selected by default.
It is recommended that preempt mode be disabled when enabling Stateful High Availability because preempt mode can be over-aggressive about failing over to the Standby firewall.
- (Optional) Click OK.
(Optional) Select Enable Virtual MAC to allow the Primary and Secondary firewalls to share a single MAC address. This greatly simplifies the process of updating network ARP tables and caches when a failover occurs. This option is not selected by default.
If PPPoE Unnumbered is configured, you must select Enable Virtual MAC.
Only the switch to which the two firewalls are connected needs to be notified. All outside devices continue to route to the single shared MAC address.
(Optional) To encrypt HA control communication between the active and standby firewalls, select Enable Encryption for Control Communication. This option is not selected by default.
Firewall performance may be affected if you choose encryption.
A confirmation message displays:
- (Optional) Click OK.
-
In the HA DEVICES section, enter the Serial Number of the SECONDARY DEVICE.
The serial number for the Primary Device is displayed, but the field is dimmed and cannot be edited.
- In the HA INTERFACES section:
Select the interface for the HA Control Interface.
This option is dimmed and the interface displayed if the firewall detects that the interface is already configured.
- (Optional) Select the interface for the HA Data Interface.
- When finished with all High Availability configuration, click Accept. All settings are synchronized to the Secondary firewall, and the Secondary firewall reboots.
Was This Article Helpful?
Help us to improve our support portal