SonicOS 8 High Availability
- SonicOS 8
- About SonicOS
- High Availability
- High Availability Status
- Configuring High Availability
- Configuring High Availability in the Cloud Platform
- Set up an Active/Standby High Availability Configuration Using Azure
- Install the Custom Template
- Enable Identity of Both Virtual Machines (HA1 and HA2)
- Role Assignment
- Check the Networking Tab
- Configuring Active NSv Firewall Using the Associated Public IP
- Configuring Standby NSv Firewall Using the Associated Public IP
- Enable the L3 Mode
- Configuring Active NSv Firewall Using the Floating Public IP
- Configuring HA to Active/Standby with L3 HA link
- Adding Additional Floating Public IP
- Set up an Active/Standby High Availability Configuration Using Azure
- Fine Tuning High Availability
- Monitoring High Availability
- Azure Use Cases
- SonicWall Support
High Availability Modes
High Availability has several operation modes, which can be selected on DEVICE | High Availability > Settings.
- None - Selecting None activates a standard high availability configuration and hardware failover functionality, with the option of enabling Stateful HA.
-
Active/Standby - Active/Standby mode provides basic high availability with the configuration of two identical Security Appliances as a High Availability Pair. The Active unit handles all traffic, while the Standby unit shares its configuration settings and can take over at any time to provide continuous network connectivity if the Active unit stops working.
By default, Active/Standby mode is stateless, meaning that network connections and VPN tunnels must be re-established after a failover. To avoid this, Stateful Synchronization can be licensed and enabled with Active/Standby mode. In this Stateful HA mode, the dynamic state is continuously synchronized between the Active and Standby units. When the Active unit encounters a fault condition, stateful failover occurs as the Standby Security Appliance takes over the Active role with no interruptions to the existing network connections.
Stateful HA is:
- Included on NSA 4600 and higher NSA platforms.
- Supported on the NSA 2600 and NSA 3600 platforms with a SonicOS Expanded License or a High Availability License.
- Supported on the TZ500 and higher TZ platforms with a SonicOS Expanded License or a High Availability (Stateful) Upgrade License.
For licensing information, see SonicOS 8 Settings document.
-
Active/Active DPI—The Active/Active Deep Packet Inspection (DPI) mode can be used along with the Active/Standby mode. When Active/Active DPI mode is enabled, the processor intensive DPI services, such as Intrusion Prevention (IPS), Gateway Anti-Virus (GAV), and Anti-Spyware are processed on the standby Security Appliance, while other services, such as firewall, NAT, and other types of traffic are processed on the Active Security Appliance concurrently.
Active/Active DPI is:
- Included on the SM 9000 series platforms.
- Supported on the NSA 5600 and above platforms with a SonicOS Expanded License or a High Availability (Stateful) License.
For licensing information, see SonicOS 8 Settings document.
-
Active/Active Clustering—In this mode, multiple Security Appliances are grouped together as cluster nodes, with multiple Active units processing traffic (as multiple gateways), doing DPI and sharing the network load. Each cluster node consists of two units acting as a Stateful HA pair. Active/Active Clustering provides Stateful Failover support in addition to load-sharing. Optionally, each cluster node can also consist of a single unit, in which case Stateful Failover and Active/Active DPI are not available.
Active/Active Clustering is:
- Included on the SM 9000 series platforms.
- Supported on NSA 3600 and above platforms only with the purchase of a SonicOS Expanded License.
For licensing information, see SonicOS 8 Settings document.
-
Active/Active DPI Clustering—This mode allows for the configuration of up to four HA cluster nodes for failover and load sharing, where the nodes load balance the application of DPI security services to network traffic. This mode can be enabled for additional performance gain, utilizing the standby units in each cluster node.
Active/Active DPI Clustering is:
- Included on the SM 9000 series platforms.
- Supported on NSA 3600 and above platforms only with the purchase of a SonicOS Expanded License.
For licensing information, see SonicOS 8 Settings document.
Was This Article Helpful?
Help us to improve our support portal