SonicOS 8 High Availability
- SonicOS 8
- About SonicOS
- High Availability
- High Availability Status
- Configuring High Availability
- Configuring High Availability in the Cloud Platform
- Set up an Active/Standby High Availability Configuration Using Azure
- Install the Custom Template
- Enable Identity of Both Virtual Machines (HA1 and HA2)
- Role Assignment
- Check the Networking Tab
- Configuring Active NSv Firewall Using the Associated Public IP
- Configuring Standby NSv Firewall Using the Associated Public IP
- Enable the L3 Mode
- Configuring Active NSv Firewall Using the Floating Public IP
- Configuring HA to Active/Standby with L3 HA link
- Adding Additional Floating Public IP
- Set up an Active/Standby High Availability Configuration Using Azure
- Fine Tuning High Availability
- Monitoring High Availability
- Azure Use Cases
- SonicWall Support
Configuring Active/Standby High Availability Monitoring
To set the independent LAN management IP addresses and configure physical and/or logical interface monitoring
- Log in as an administrator to the SonicOS Management Interface on the Active SonicWall Security Appliance.
-
Navigate to DEVICE | High Availability > Monitoring.
-
Click the Edit icon for an interface on the LAN, such as X0. The Interface Monitoring Settings dialog is displayed.
- To enable link detection between the designated HA interfaces on the Primary and Secondary units, leave Physical/Link Monitoring selected. This option is selected by default.
- In the Primary IPv4/v6 Address field, enter the unique LAN management IP address of the Primary unit and it should be same subnet as interface IP address. The default is 0.0.0.0.
- In the Secondary IPv4/v6 Address field, enter the unique LAN management IP address of the Secondary unit it should be same subnet as interface IP address. The default is 0.0.0.0.
-
Select Allow Management on Primary/Secondary IP Address. When this option is enabled for an interface, a green icon appears in the interface’s Management column in the Monitoring Settings table. Management is only allowed on an interface when this option is enabled. This option is not selected by default.
-
In the Logical/ Probe IPv4/v6 Address field, enter the IP address of a downstream device on the network that should be monitored for connectivity. Typically, this should be a downstream router or server. (If probing is desired on the WAN side, an upstream device should be used.) This option is not selected by default.
The Primary and Secondary Security Appliances regularly ping this probe IP address. If both successfully ping the target, no failover occurs. If neither successfully ping the target, no failover occurs, because it is assumed that the problem is with the target, and not the Security Appliances. But, if one Security Appliance can ping the target but the other cannot, failover occurs to the Security Appliance that can ping the target.
The Primary IPv4/v6 Address and Secondary IPv4/v6 Address fields must be configured with independent IP addresses on a the interface, such as X0, (or a WAN interface, such as X1, for probing on the WAN) to allow logical probing to function correctly.
-
(Optional) To manually specify the virtual MAC address for the interface, select Override Virtual MAC and enter the MAC address in the field. The format for the MAC address is six pairs of hexadecimal numbers separated by colons, such as A1:B2:C3:d4:e5:f6. This option is not selected by default.
Care must be taken when choosing the Virtual MAC address to prevent configuration errors.
When Enable Virtual MAC is selected on DEVICE | High Availability > Settings, the SonicOS firmware automatically generates a Virtual MAC address for all interfaces. Allowing the SonicOS firmware to generate the Virtual MAC address eliminates the possibility of configuration errors and ensures the uniqueness of the Virtual MAC address, which prevents possible conflicts.
- Click OK.
- Click Close.
Was This Article Helpful?
Help us to improve our support portal