
High Availability > Advanced Settings

The configuration tasks on the High Availability > Advanced page are performed on the Primary unit and then are automatically synchronized to the Backup.

To configure the settings on the High Availability > Advanced page, perform the following steps:

  1. Log in as an administrator to the SonicOS user interface on the Primary SonicWALL.

  2. In the left navigation pane, navigate to High Availability > Advanced.

  3. To configure Stateful High Availability, available on SonicWALL NSA series appliances, select Enable Stateful Synchronization. Fields are displayed with recommended settings for the Heartbeat Interval and Probe Interval fields. The settings shown are minimum recommended values. Lower values may cause unnecessary failovers, especially when the SonicWALL is under a heavy load. You can use higher values if your SonicWALL handles a lot of network traffic.

  4. When Stateful High Availability is not enabled, session state is not synchronized between the Primary and Backup SonicWALL security appliances. If a failover occurs, any session that had been active at the time of failover needs to be renegotiated.

    When Stateful High Availability is not enabled, it is not possible to enable the Active/Active UTM feature.

  5. Click OK in the Stateful Synchronization recommended settings dialog box.

  6. To configure Active/Active UTM, available on SonicWALL NSA series appliances, select the Enable Active/Active UTM checkbox.

  7. If enabling Active/Active UTM, select an interface in the HA Data Interface drop-down list.
    This interface will be used for transferring data between the two units during Active/Active UTM processing. Only unassigned, available interfaces appear in the drop-down list.

  8. Note: SonicWALL High Availability cannot be configured using the built-in wireless interface, nor can it be configured using Dynamic WAN interfaces.

    The selected interface must be the same one that you physically connected as described in Initial Active/Active UTM Setup.


  9. To configure the High Availability Pair so that the Primary unit takes back the Primary role once it restarts after a failure, select Enable Preempt Mode. Disabling preempt mode is recommended when enabling Stateful High Availability, because preempt mode can be over-aggressive about failing over to the Backup appliance.

  10. To back up the settings when you upgrade the firmware version, select Generate/Overwrite Backup Firmware and Settings When Upgrading Firmware.

  11. Select the Enable Virtual MAC checkbox. Virtual MAC allows the Primary and Backup appliances to share a single MAC address. This greatly simplifies the process of updating network ARP tables and caches when a failover occurs. Only the switch to which the two appliances are connected needs to be notified. All outside devices will continue to route to the single shared MAC address.

  12. Optionally adjust the Heartbeat Interval to control how often the two units communicate. The default is 5000 milliseconds; the minimum supported value is 1000 milliseconds. You can use higher values if your SonicWALL handles a lot of network traffic.

  13. Set the Failover Trigger Level to the number of heartbeats that can be missed before failing over. The default is 5.

  14. Set the Probe Interval to the interval in seconds between probes sent to specified IP addresses to monitor that the network critical path is still reachable. This is used in logical monitoring. SonicWALL recommends that you set the interval to at least 5 seconds. The default is 20 seconds, and the allowed range is 5 to 255 seconds. You can set the Probe IP Address(es) on the High Availability > Monitoring screen. See High Availability > Monitoring.

  15. Set the Probe Count to the number of consecutive probes before SonicOS Enhanced concludes that the network critical path is unavailable or the probe target is unreachable. This is used in logical monitoring. The default is 3, and the allowed range is 3 to 10.

  16. Set the Election Delay Time to the number of seconds allowed for internal processing between the two units in the High Availability Pair before one of them takes the Primary role. The default is 3 seconds.

  17. Set the Dynamic Route Hold-Down Time to the number of seconds the newly-Active appliance keeps the dynamic routes it had previously learned in its route table. This setting is used when a failover occurs on a High Availability pair that is using either RIP or OSPF dynamic routing. During the hold-down time, the newly-Active appliance relearns the dynamic routes in the network. When the Dynamic Route Hold-Down Time expires, it deletes the old routes and implements the new routes it has learned from RIP or OSPF. The default value is 45 seconds. In large or complex networks, a larger value may improve network stability during a failover.

  18. Note: The Dynamic Route Hold-Down Time setting is displayed only when the Advanced Routing option is selected on the Network > Routing page.

  19. Select the Include Certificates/Keys checkbox to have the appliances synchronize all certificates and keys.

  20. You do not need to click Synchronize Settings at this time, because all settings will be automatically synchronized to the Idle unit when you click Accept after completing HA configuration. To synchronize all settings on the Active unit to the Idle unit immediately, click Synchronize Settings. The Idle unit will reboot.

  21. Click Synchronize Firmware if you previously uploaded new firmware to your Primary unit while the Backup unit was offline, and it is now online and ready to upgrade to the new firmware. Synchronize Firmware is typically used after taking your Backup appliance offline while you test a new firmware version on the Primary unit before upgrading both units to it.

  22. When finished with all High Availability configuration, click Accept. All settings will be synchronized to the Idle unit automatically.

If you enabled Active/Active UTM, the Network > Interfaces page will show that the selected interface for HA Data Interface now belongs to the HA Data-Link zone.
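
The following is an added example, not SonicWALL code: a Python check that audits a planned set of High Availability > Advanced values against the ranges, defaults and dependencies stated in the steps above before they are entered on the Primary unit. The dictionary keys and the interface name are hypothetical, and the timing figures are approximations that assume detection takes the configured number of missed heartbeats or failed probes.

```python
# Added example, not SonicWALL code. Keys are hypothetical names chosen here,
# not SonicOS identifiers; limits and defaults are the ones stated on this page.
LIMITS = {  # (minimum, maximum); None = no bound stated on the page
    "heartbeat_interval_ms": (1000, None),
    "probe_interval_s": (5, 255),
    "probe_count": (3, 10),
}
DEFAULTS = {
    "heartbeat_interval_ms": 5000, "failover_trigger_level": 5,
    "probe_interval_s": 20, "probe_count": 3,
}

def audit(cfg):
    """Return (errors, warnings, timing) for a planned settings dict."""
    c = {**DEFAULTS, **cfg}
    errors, warnings = [], []
    for key, (lo, hi) in LIMITS.items():
        if c[key] < lo or (hi is not None and c[key] > hi):
            errors.append(f"{key}={c[key]} is outside the allowed range")
    if c.get("active_active_utm"):
        if not c.get("stateful_sync"):
            errors.append("Active/Active UTM requires Stateful Synchronization")
        if not c.get("ha_data_interface"):
            errors.append("Active/Active UTM requires an HA Data Interface")
    if c.get("stateful_sync") and c.get("preempt"):
        warnings.append("Preempt Mode is not recommended with Stateful HA")
    if not c.get("include_certs_keys"):
        warnings.append("certificates and keys will not be synchronized")
    # Approximation (assumption): loss is detected after the configured number
    # of missed heartbeats or consecutive failed probes.
    timing = {
        "heartbeat_detect_s": c["heartbeat_interval_ms"] * c["failover_trigger_level"] / 1000,
        "probe_detect_s": c["probe_interval_s"] * c["probe_count"],
    }
    return errors, warnings, timing

# Constructed sample plan with three mistakes; "X5" is a made-up interface name.
PLANNED = {
    "stateful_sync": False, "active_active_utm": True, "ha_data_interface": "X5",
    "preempt": True, "include_certs_keys": True,
    "heartbeat_interval_ms": 500, "probe_count": 2,
}

if __name__ == "__main__":
    errors, warnings, timing = audit(PLANNED)
    for line in errors + warnings:
        print(line)
    print(timing)
```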