Filter
Top Products
SONICWALL SONICOS ENHANCED 2.5 ADMINISTRATOR’S GUIDE
229
Hardware Failover > Settings
• Once Hardware Failover has been configured and activated, upon first preferences
synchronization, the Backup SonicWALL security appliance automatically reboots in order to load
the mirrored preferences – this is normal behavior.
• At present, the monitor feature utilizes ICMP pings on designated probe targets, and can only be
used on interfaces that have been assigned unique IP addresses (at present, LAN and WAN only).
• The Primary and Backup SonicWALL security appliance’s unique LAN IP addresses cannot act as
an active gateway; all systems connected to the internal LAN will need to use the virtual LAN IP
address as their gateway.
• The Primary and Backup SonicWALL devices are currently only capable of performing active/
passive Hardware Failover – active/active failover is not supported at present.
• Session state is not currently synchronized between the Primary and Backup SonicWALL security
appliances. If a failover occurs, any session that had been active at the time of failover needs to be
renegotiated.
• If shifting a previously assigned interface to act as the Secondary WAN interface, be sure to
remove any custom NAT policies that were associated with that interface before configuring it.
• It’s strongly recommended that Primary and Backup SonicWALL security appliances run the exact
same version of firmware; system instability may result if firmware versions are out of sync.
• Successful Hardware Failover synchronization is not logged, only failures.
• If you are connecting the Primary and Backup device to an Ethernet switch running the spanning-
tree protocol, please be aware that it may be necessary to adjust the link activation time on the
switch port that the SonicWALL interfaces connect to. As an example, it would be necessary to
activate spantree portfast on a Cisco Catalyst-series switch, for each port connecting to the
SonicWALL’s interfaces.
• If you will not be using the unique WAN IP address feature, make sure each entry field is set to
‘0.0.0.0’ – the SonicWALL will report an error if the field is left blank.
Hardware Failover Terminology
• Primary - Describes the principal hardware unit itself. The Primary identifier is a manual
designation, and is not subject to conditional changes. Under normal operating conditions, the
Primary hardware unit operates in an Active role.
• Backup - Describes the subordinate hardware unit itself. The Backup identifier is a relational
designation, and is assumed by a unit when paired with a Primary unit. Under normal operating
conditions, the Backup unit operates in an Idle mode. Upon failure of the Primary unit, the Backup
unit will assume the Active role.
•Active - Describes the operative condition of a hardware unit. The Active identifier is a logical role
that can be assumed by either a Primary or Backup hardware unit.
•Idle - Describes the passive condition of a hardware unit. The Idle identifier is a logical role that
can be assumed by either a Primary or Backup hardware unit. The Idle unit assumes the Active
role in the event of determinable failure of the Active unit.
• Failover - The actual process in which the Idle unit assumes the Active role following a qualified
failure of the Active unit. Qualification of failure is achieved by various configurable physical and
logical monitoring facilities described throughout the Task List section.
•Preempt - Applies to a post-failover condition in which the Primary unit has failed, and the Backup
unit has assumed the Active role. Enabling Preempt will cause the Primary unit to seize the Active
role from the Backup after the Primary has been restored to a verified operational state.