• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About Switch Network
  • Before Adding a Switch
  • Enabling the Switch
  • Setting Up Ports
  • Checking Switch Details
• Managing from a Firewall
  • Adding a Switch to a Firewall with Zero-Touch
  • Adding a Switch to a Firewall Manually
  • Changing the Switch Configuration
  • Upgrading Firmware
  • Shutting Down the Switch
  • Restarting the Switch
  • Setting Up PoE
  • Adding a VLAN
  • Adding Static Routes
  • Editing DNS
  • Setting Up QoS
  • Setting Up Users
  • Setting Up 802.1X Authentication
  • Daisy-Chaining Switches
  • Connecting Access Points
  • Modifying the MAC Address Table
  • Checking Port Statistics
• Configuring Switch Topologies
  • Configuring Basic Topologies
  • Connecting the Switch Management Port to a Firewall
  • Configuring a Common Uplink
  • Configuring a Dedicated Uplink
  • Configuring a Hybrid System with Common and Dedicated Uplinks
  • Configuring Isolated Links for Management and Data Uplinks
  • Configuring High Availability
    • Configuring HA and PortShields With Dedicated Uplinks
    • Configuring HA and PortShield With a Common Uplink
    • Configuring HA Using One Switch Management Port
    • Configuring HA Using Two Switch Management Ports
  • Configuring VLANs With Dedicated Uplinks
  • Configuring a Link to SonicWall Access Points
• SonicWall Support
  • About This Document

Configuring HA and PortShield With a Common Uplink

In this configuration with PortShield functionality in HA mode, a link between the active/standby firewalls and the Switch serves as a common uplink to carry all the portshielded traffic. Firewall interfaces that serve as PortShield hosts are connected to a separate Switch (not necessarily a Switch) and not the same Switch connected to the active and standby units. This other Switch avoids the looping of packets for the same PortShield VLAN. The PortShield members can be connected to ports on the Switch that is controlled by the active/standby firewalls.

HA Pair Using a Common Switch Topology shows a firewall pair and two Switches. The link between X3 and Switch 1 is set up as a common uplink. Similarly, the link between X2 and Switch 2 is set up as a common uplink. The PortShield hosts X0 are connected to a different Switch (which could be a SonicWall Switch or any other vendor’s Switch) to avoid looping of packets. Ports 10 on both Switch 1 and Switch 2 are portshielded to X0, and hosts connected to Ports 10 on both Switches can communicate using the common uplink.

To set up HA with a common uplink

Add Switches manually after creating the HA pair. Activating HA mode after Switches are added will not work.

1. Add the Switch and set up the data uplink.

2. On the Network > Interfaces page, configure these interfaces for both firewalls

   X0	LAN/PortShield host
   X1	WAN
   X2	Firewall uplink on the firewall for Switch 2
   X3	Firewall uplink on the firewall for Switch 1

3. Configure common uplinks except for these ports:

   Switch 1 Interface	10	Host-facing interface portshielded to X0
   	21	Switch uplink for the primary firewall
   	23	Switch uplink for the secondary firewall
   Switch 2 Interface	10	Host-facing interface portshielded to X0
   	21	Switch uplink for the primary firewall
   	23	Switch uplink for the secondary firewall