Step 2

In the left navigation pane, navigate to High Availability > Advanced .

Step 3

To configure Stateful High Availability, available on SonicWALL NSA series appliances, select Enable Stateful Synchronization . Fields are displayed with recommended settings for the Heartbeat Interval and Probe Interval fields. The settings shown are minimum recommended values. Lower values may cause unnecessary failovers, especially when the SonicWALL is under a heavy load. You can use higher values if your SonicWALL handles a lot of network traffic.

Step 4

Click OK in the Stateful Synchronization recommended settings dialog box.

Step 5

To configure Active/Active UTM, available on SonicWALL NSA series appliances, select the Enable Active/Active UTM checkbox.

Step 6

If enabling Active/Active UTM, select an interface in the HA Data Interface drop-down list.
This interface will be used for transferring data between the two units during Active/Active UTM processing. Only unassigned, available interfaces appear in the drop-down list.

Step 7

To configure the High Availability Pair so that the Primary unit takes back the Primary role once it restarts after a failure, select Enable Preempt Mode . Preempt mode is recommended to be disabled when enabling Stateful High Availability, because preempt mode can be over-aggressive about failing over to the Backup appliance.

Step 8

To back up the settings when you upgrade the firmware version, select Generate/Overwrite Backup Firmware and Settings When Upgrading Firmware .

Step 9

Select the Enable Virtual MAC checkbox. Virtual MAC allows the Primary and Backup appliances to share a single MAC address. This greatly simplifies the process of updating network ARP tables and caches when a failover occurs. Only the switch to which the two appliances are connected needs to be notified. All outside devices will continue to route to the single shared MAC address.

Step 10

Optionally adjust the Heartbeat Interval to control how often the two units communicate. The default is 5000 milliseconds; the minimum supported value is 1000 milliseconds. You can use higher values if your SonicWALL handles a lot of network traffic.

Step 11

Set the Failover Trigger Level to the number of heartbeats that can be missed before failing over. The default is 5.

Step 12

Set the Probe Interval to the interval in seconds between probes sent to specified IP addresses to monitor that the network critical path is still reachable. This is used in logical monitoring. SonicWALL recommends that you set the interval for at least 5 seconds. The default is 20 seconds, and the allowed range is 5 to 255 seconds. You can set the Probe IP Address(es) on the High Availability > Monitoring screen. See “Configuring High Availability > Monitoring” .

Step 13

Set the Probe Count to the number of consecutive probes before SonicOS Enhanced concludes that the network critical path is unavailable or the probe target is unreachable. This is used in logical monitoring. The default is 3, and the allowed range is 3 to 10.

Step 14

Set the Election Delay Time to the number of seconds allowed for internal processing between the two units in the High Availability Pair before one of them takes the Primary role. The default is 3 seconds.

Step 15

Set the Dynamic Route Hold-Down Time to the number of seconds the newly-Active appliance keeps the dynamic routes it had previously learned in its route table. This setting is used when a failover occurs on a High Availability pair that is using either RIP or OSPF dynamic routing. When a failover occurs, Dynamic Route Hold-Down Time is the number of seconds the newly-Active appliance keeps the dynamic routes it had previously learned in its route table. During this time, the newly-Active appliance relearns the dynamic routes in the network. When the Dynamic Route Hold-Down Time duration expires, it deletes the old routes and implements the new routes it has learned from RIP or OSPF. The default value is 45 seconds. In large or complex networks, a larger value may improve network stability during a failover.

Step 16

Select the Include Certificates/Keys checkbox to have the appliances synchronize all certificates and keys.

Step 17

You do not need to click Synchronize Settings at this time, because all settings will be automatically synchronized to the Idle unit when you click Accept after completing HA configuration . To synchronize all settings on the Active unit to the Idle unit immediately, click Synchronize Settings . The Idle unit will reboot.

Step 18

Click Synchronize Firmware if you previously uploaded new firmware to your Primary unit while the Backup unit was offline, and it is now online and ready to upgrade to the new firmware. Synchronize Firmware is typically used after taking your Backup appliance offline while you test a new firmware version on the Primary unit before upgrading both units to it.

Step 19

When finished with all High Availability configuration, click Accept . All settings will be synchronized to the Idle unit automatically.