SonicWALL 5.8.1 Microscope & Magnifier User Manual


  Open as PDF
of 1490
 
High Availability
1164
SonicOS 5.8.1 Administrator Guide
Tip A compromise between the convenience of synchronizing Certificates and the added
security of not synchronizing Certificates is to temporarily enable the Include Certificate/
Keys setting and manually synchronize the settings, and then disable Include Certificate/
Keys.
To verify that Primary and Backup SonicWALL security appliances are functioning correctly,
wait a few minutes, then power off the Primary SonicWALL device. The Backup SonicWALL
security appliance should quickly take over.
From your management workstation, test connectivity through the Backup SonicWALL by
accessing a site on the public Internet – note that the Backup SonicWALL, when Active,
assumes the complete identity of the Primary, including its IP addresses and Ethernet MAC
addresses.
Log into the Backup SonicWALL’s unique LAN IP address. The management interface should
now display Logged Into: Backup SonicWALL Status: (green ball) Active in the upper right
corner. If all licenses are not already synchronized with the Primary unit, navigate to the System
> Licenses page and register this SonicWALL security appliance on mysonicwall.com. This
allows the SonicWALL licensing server to synchronize the licenses.
Now, power the Primary SonicWALL back on, wait a few minutes, then log back into the
management interface. The management interface should again display Logged Into: Primary
SonicWALL Status: (green ball) Active in the upper right corner.
If you are using the Monitor Interfaces feature, experiment with disconnecting each monitored
link to ensure that everything is working correctly.
Successful High Availability synchronization is not logged, only failures are logged.
Forcing Transitions
In some cases, it may be necessary to force a transition from the Active SonicWALL to the Idle
unit – for example, to force the Primary SonicWALL to become Active again after a failure when
Preempt Mode has not been enabled, or to force the Backup SonicWALL to become Active in
order to do preventive maintenance on the Primary SonicWALL.
To force such a transition, it is necessary to interrupt the heartbeat from the currently Active
SonicWALL. This may be accomplished by disconnecting the Active SonicWALL’s LAN port, by
shutting off power on the currently Active unit, or by restarting it from the Web management
interface. In all of these cases, heartbeats from the Active SonicWALL are interrupted, which
forces the currently Idle unit to become Active.
To restart the Active SonicWALL, log into the Primary SonicWALL LAN IP address and click
System on the left side of the browser window and then click Restart at the top of the window.
Click Restart SonicWALL, then Yes to confirm the restart. Once the Active SonicWALL
restarts, the other SonicWALL in the High Availability pair takes over operation.
Warning
If the Preempt Mode checkbox has been selected for the Primary SonicWALL, the
Primary unit takes over operation from the Backup unit after the restart is complete.
Tip SonicWALL recommends disabling preempt mode when using Stateful High Availability.
This is because preempt mode can be over-aggressive about failing over to the Backup
appliance.