Configuring HA Using One Switch Management Port

In this configuration with PortShield functionality in HA mode, firewall interfaces that serve as PortShield hosts should be connected to the Switch on active and standby units. The PortShield members should also be connected to ports on the Switch. The link between the firewall interface serving as the PortShield host and the Switch is set up as a dedicated uplink.

HA Pair Using One Switch Management Port Topology shows a firewall HA pair with a Switch and one dedicated link:

• The firewall interfaces, X3 and X4, on the primary unit are connected to ports 12 and 13 on the Switch.
• X3 and X4 are configured as PortShield hosts.
• Similarly, the firewall interfaces X3 and X4 on the secondary unit are connected to ports 14 and 15 on the Switch.
• Ports 12 and 14 on the Switch are portshielded to X3 with the dedicated uplink option enabled.
• Ports 13 and 15 on the Switch are portshielded to X4 with the dedicated uplink option enabled.
• Ports 2 and 4 are portshielded to X3.
• Ports 3 and 5 are portshielded to X4.

When the primary unit acts in active HA mode, traffic between H1 and X3 is carried over the dedicated link between X3 and 12 and traffic between H3 and X4 is carried over the dedicated link between X4 and 13.

When the secondary unit acts in active HA mode, traffic between H1 and X3 is carried over the dedicated link between X3 and 14, and traffic between H3 and X4 is carried over the dedicated link between X4 and 15.

The link between the firewall interface, X0, and port 1 on the switch, carries the management traffic to manage the Switch from the firewall. In such a configuration, X0 is configured to be in the same subnet as the Switch. Also, X0 on the primary as well as the secondary is ensured to be connected to port 1 of the Switch (for example, via a hub) so that when the secondary firewall becomes the active unit, the Switch can be managed via the link between the firewall interface X0 on the secondary and port 1 of the Switch. In such a configuration, when the Switch is provisioned, the Primary Switch Management and Secondary Switch Management are set to 1.

To set up HA with one dedicated uplink

Add Switches manually after creating the HA pair. Activating HA mode after Switches are added will not work.

1. Add the Switch and set up the data uplink.

2. Configure the options:

   The Firewall Uplink and Switch Uplink options are set the same in this configuration to support the redundant firewalls.

   1. Select the management and uplink interfaces from their respective drop-down menus and click on Add.
      
   2. Set management uplinks for both Primary and Secondary firewalls to to Switch port 1 and firewall interface X0.