Monitoring High Availability

The monitoring display enables the ports on both firewall instances to be continuously checked for performance. To do this, a probe port is defined for each port.

HA Mode - One method to determine which SonicWall is Active is to check the HA Settings Status indicator on the DEVICE | High Availability > Settings page. If the Primary SonicWall is Active, the first line in the page indicates that the Primary SonicWall is currently Active. It is also possible to check the status of the Secondary SonicWall by logging into the LAN IP address of the Secondary SonicWall.

Monitoring Display

To set the independent LAN management IP addresses and configure physical and/or logical interface monitoring

1. Login as an administrator to the Primary SonicWall appliance.
2. Navigate to DEVICE | High Availability > Monitoring.
3. Click the Configure icon for an interface on the LAN, such as X0. The Edit HA Monitoring dialog box displays.

   

4. To enable link detection between the designated HA interfaces on the Primary and Secondary units, leave Physical Interface Monitoring enabled. This option is selected by default on only X0 (default LAN) and X1 (default WAN).
5. In the Primary IPv4/v6 Address field, enter the unique LAN management IP address of the Primary unit. The default is 0.0.0.0.
6. In the Secondary IPv4/v6 Address field, enter the unique LAN management IP address of the Secondary unit. The default is 0.0.0.0.
7. Select Allow Management on Primary/Secondary IP Address. When this option is enabled for an interface, a green icon appears in the interface’s Management column in the Monitoring Settings table. Management is only allowed on an interface when this option is enabled. This option is not selected by default.
8. In the Logical Probe IPv4/v6 Address field, enter the IP address of a downstream device on the LAN network that should be monitored for connectivity. Typically, this should be a downstream router or server. (If probing is desired on the WAN side, an upstream device should be used.) This option is not selected by default.

   The Primary and Secondary security appliances regularly ping this probe IP address. If both successfully ping the target, no failover occurs. If neither successfully ping the target, no failover occurs, because it is assumed that the problem is with the target, and not the security appliances. But, if one security appliance can ping the target but the other cannot, failover occurs to the security appliance that can ping the target.

   The Primary IPv4/v6 Address and Secondary IPv4/v6 Address fields must be configured with independent IP addresses on a LAN interface, such as X0, (or a WAN interface, such as X1, for probing on the WAN) to allow logical probing to function correctly.

9. Optionally, to manually specify the virtual MAC address for the interface, select Override Virtual MAC and enter the MAC address in the field. The format for the MAC address is six pairs of hexadecimal numbers separated by colons, such as A1:B2:C3:d4:e5:f6. This option is not selected by default.

   Care must be taken when choosing the Virtual MAC address to prevent configuration errors.

   When Enable Virtual MAC is selected on DEVICE | High Availability > Advanced Settings, the SonicOSX firmware automatically generates a Virtual MAC address for all interfaces. Allowing the SonicOSX firmware to generate the Virtual MAC address eliminates the possibility of configuration errors and ensures the uniqueness of the Virtual MAC address, which prevents possible conflicts.

10. Click OK.
11. To configure monitoring on any of the other interfaces, repeat Step 3 through Step 10 for each interface.
12. When finished with all High Availability configuration, click ACCEPT. All settings are synchronized to the Secondary unit automatically.