High Availability
1143
SonicOS 5.8.1 Administrator Guide
If you will not be using Primary/Backup WAN Management IP address, make sure each entry
field is set to ‘0.0.0.0’ (in the High Availability > Monitoring Page) – the SonicWALL will report
an error if the field is left blank.
Note If each SonicWALL has a Primary/Backup WAN Management IP address for remote
management, the WAN IP addresses must be in the same subnet. If shifting a previously
assigned interface to act as a unique WAN interface, be sure to remove any custom NAT
policies that were associated with that interface before configuring it.
The following figure shows an example of how to connect two SonicWALL security appliances
for Stateful High Availability. The units are connected with their designated HA ports.
The LAN (X0) interfaces are connected to a switch on the LAN network. The WAN (X1)
interfaces are connected to another switch, which connects to the Internet. The designated high
availability interfaces are connected directly to each other using a crossover cable.
Note If you are connecting the Primary and Backup appliances to an Ethernet switch that uses
the spanning tree protocol, be aware that it may be necessary to adjust the link activation
time on the switch port to which the SonicWALL interfaces connect. For example, on a Cisco
Catalyst-series switch, it is necessary to activate spanning tree port fast for each port
connecting to the SonicWALL security appliance’s interfaces.
Initial High Availability Setup
Before you begin the configuration of High Availability on the Primary SonicWALL security
appliance, perform the following initial setup procedures.
• Register and associate the Primary and Backup SonicWALL security appliances as a High
Availability pair on MySonicWALL. See “Associating Appliances on MySonicWALL for High
Availability” on page 1145.
• On the back of the Backup SonicWALL security appliance, locate the serial number and
write the number down. You need to enter this number in the High Availability > Settings
page.
• Make sure that the two appliances are running the same SonicOS Enhanced versions.
SonicWALL NSA 1
SonicWALL NSA 2
B
Network Security Appliance
NSA
Local Network
SonicWALL
HA / Failover Pair
Internet
HA Link