WatchGuard®

Firebox Vclass
High Availability Guide

High Availability for Vcontroller 5.0 and CPM 4.1

Summary of Contents for Firebox V10

Page 1: ...WatchGuard Firebox Vclass High Availability Guide High Availability for Vcontroller 5 0 and CPM 4 1...

Page 2: ...ademarks of Sun Microsystems Inc in the United States and other countries All right reserved 1995 1998 Eric Young eay cryptsoft All rights reserved 1998 2000 The OpenSSL Project All rights reserved Re...

Page 3: ...INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAU...

Page 4: ...d Apache Software Foundation must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact apache apache org 5 Produ...

Page 5: ...bility System 3 Connecting the appliances 4 Installing High Availability 4 Configuring High Availability Active Active in Vcontroller 7 Managing High Availability 13 Setting and Responding to Alarms 1...

Page 6: ...vi High Availability for Vcontroller and CPM...

Page 7: ...nd running a High Availability HA Active Active system using two Firebox Vclass appliances in a primary and secondary relationship This chapter discusses the following topics How High Availability Wor...

Page 8: ...mum uptime and network availability Active Standby is available for all models that have an HA interface In this mode both appliances are configured with the same system name IP address and configurat...

Page 9: ...must be reset to the factory default configuration Software upgrade licenses for the High Availability feature You obtain these licenses from the WatchGuard LiveSecurity web site after you register yo...

Page 10: ...erfaces with crossover cables Connect the management station to a hub that is connected to interface 0 private on both appliances The management station can also be connected to an HA2 port Installing...

Page 11: ...n here pending further info Import the Feature Key to the Vclass appliances To add the new license for the High Availability feature follow these steps 1 Click the License tab The Licences list is dis...

Page 12: ...License This imports the license into the Firebox Vclass appliance After the import is complete the window closes and the newly imported license appears in the license list 6 Repeat this process to i...

Page 13: ...tive Features The Active Features window appears 2 Review the active features along with their capacity and status 3 Click Refresh to update the feature list 4 When you are finished click Close Config...

Page 14: ...High Availability for Vcontroller and CPM 2 After starting the WatchGuard Vcontroller click the System Configuration button 3 When the System Configuration window appears click the High Availability t...

Page 15: ...the appliance s interfaces will be monitored If any interface is detected as LINK DOWN the Secondary appliance will take over The HA heartbeat interval is set to one beat every second The HA Group ID...

Page 16: ...or better performance leave the HA secret blank This shared secret is used to encrypt HA state sync information VPN tunnel information is always encrypted even if this encryption is disabled 7 Change...

Page 17: ...arameters You can customize a number of HA parameters using the Advanced HA Parameters dialog box At this level you can configure the following Send the HA heartbeat to the secondary appliance s HA2 m...

Page 18: ...e HA2 interface that interface cannot be used for management access 6 If specific IP addresses have been assigned to the HA ports type the IP addresses and Netmasks in each of the two HA Interface fie...

Page 19: ...System Failures When an appliance fails the other active appliance takes over processing When you log into the active appliance using Vcontroller check the System Status in the lower left corner to de...

Page 20: ...em fails an Event alarm is generated and the failover process is logged in the event log You can check the alarms and the event log to determine when the failover occurred Make sure that you open and...

Page 21: ...Setting and Responding to Alarms High Availability Guide 15 For more information on defining alarms see the Firebox Vclass User Guide and CPM User Guide...

Page 23: ...in CPM To set up the CPM Client to manage an HA Active Active connection 1 Log on to the CPM Client 2 Click Configuration Editor The Configuration Editor window appears 3 Right click an appliance reco...

Page 24: ...feature is optional and can be left blank if you do not need to encrypt information sent between these appliances during normal operation Encryption is not necessary if the HA1 interfaces are connect...

Page 25: ...pliance to monitor 12 Click the checkbox to select the HA interface you want to enable and send HA heartbeats over and type the Primary IP address Secondary IP address and Netmask of the HA interface...

Page 26: ...new 1 Add HA licenses to both appliances 2 Reset both appliances to the factory default configuration 3 Add an appliance record for the primary appliance and set up the system with the proper HA conf...

Page 27: ...s the secondary appliance 1 Add HA licenses to both appliances 2 Reset the new secondary appliance to factory defaults 3 Modify the system configuration of the primary appliance to enable HA and recom...
