• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• High Availability
  • About High Availability
    • High Availability Terminology
    • High Availability Modes
    • High Availability Encryption
    • Crash Detection
    • Virtual MAC Address
    • Dynamic WAN Interfaces with PPPoE HA
    • Stateful Synchronization with DHCP
    • Stateful Synchronization with DNS Proxy
    • About HA Monitoring
  • Understanding High Availability
    • Understanding SonicWall High Availability Operation Modes
    • About Active/Standby HA
  • Benefits of Active/Standby HA
    • Working of Active/Standby HA
    • About Stateful Synchronization
    • Benefits of Stateful Synchronization
  • How Does Stateful Synchronization Work?
    • Example of Stateful Synchronization
    • Active/Standby Prerequisites
  • Supported Platforms and Licensing for HA
    • Physically Connecting Your Security Appliances
    • Maintenance
      • Removing an HA Association
      • Replacing a SonicWall Security Appliance
• Replacing an HA Primary Unit
  • Replacing an HA Secondary Unit
    • High Availability Status
    • Active/Standby High Availability Status
    • High Availability Status
• High Availability Config
  • High Availability Licenses
  • Configuring High Availability
• Configuration of HA Active/Standby
  • Configuring Active/Standby High Availability Settings
    • Configuring HA with Dynamic WAN Interfaces
    • Configuring Network DHCP and Interface Settings
    • Disabling the SonicOS DHCP Server
    • Configuring Virtual IP Addresses
    • Configuring Redundant Ports
    • Fine Tuning High Availability
    • Advanced Settings
    • Configuring Advanced High Availability Settings
    • Monitoring High Availability
    • Configuring Active/Standby High Availability Monitoring
• IPv6 High Availability Monitoring
  • IPv6 HA Monitoring Considerations
  • SonicWall Support
• About This Document
  • Configuring Active/Standby High Availability Monitoring
  • IPv6 High Availability Monitoring
  • IPv6 HA Monitoring Considerations
• Azure Use Cases
  • Use Case 1: Manage Azure HA Firewall
  • Use Case 2: Forward LAN traffic to the External Network through the Gateway after HA Failover
  • Use Case 3: Configure DNAT on Azure HA Firewall
  • Use Case 4: Configure DNAT on Azure HA Firewall (Need to move multiple floating IPs support)
• SonicWall Support
  • About This Document

High Availability Modes

High Availability has several operation modes, which can be selected on Device > High Availability > Settings.

Choosing the right High Availability Operation mode depends on understanding the network in question, its purpose and operational needs. In planning, the administrator should understand:

• Operational requirements for up time

• Repercussions of failure

• Calculated risk to operations

Each operation mode satisfies a different scenario and without knowing the goals of High Availability, administrators risk building an unsatisfactory solution. Understanding the operational mode and how they map to requirements is fundamental. This Active/Standby mode may be further defined as to whether they are stateless or stateful to a secondary device.

Operational modes are:

• None—Selecting None activates a standard high availability configuration and hardware failover functionality, with the option of enabling Stateful HA.

• Active/Standby Stateless—Active/Standby mode provides basic high availability with the configuration of two identical firewalls as a High Availability Pair. The Active unit handles all traffic, while the Standby unit shares its configuration settings and can take over at any time to provide continuous network connectivity if the Active unit stops working. By default, Active/Standby mode is stateless, meaning that network connections and VPN tunnels must be re-established after a failover.

• Active/Standby Stateful—Stateful Synchronization can be licensed and enabled with Active/Standby mode. In this Stateful HA mode, the dynamic state is continuously synchronized between the Active and Standby units.

  Network connections and VPN tunnel information are continuously synchronized between the two units so that the Secondary can seamlessly assume all network responsibilities if the Primary firewall fails.

  When the Active unit encounters a fault condition, stateful failover occurs as the Standby firewall takes over the Active role with no interruptions to the existing network connections.

  Not all information is synchronized in a stateful configuration.