The lan interface on the master and the lan interface on the slave would be connected to the
same switch which then connects to an internal network. Similarly the wan interface on the
master and the wan interface would connect to a switch which in turn connects to the external
Internet.
The hardware of the slave does not need to exactly match the master, however it is
recommended that hardware with similar performance is used in order to avoid any throughput
degradation after a failover.
4.
Decide on a shared IP address for each interface in the cluster. Some interfaces could have
shared addresses only while others could also have unique, individual IP addresses for each
interface specified in a IP4 HA Address object. The shared and individual addresses are used as
follows:
•
The individual addresses specified for an interface in an IP4 HA Address object allow
remote management through that interface. These addresses can also be "pinged" using
ICMP provided that IP rules are defined to permit this (by default, ICMP queries are
dropped by the rule set).
If either unit is inoperative, its individual IP addresses will also be unreachable. These IP
addresses are usually private but must be public if management access across the public
Internet is required.
If an interface is not assigned an individual address through an IP4 HA Address object then
it must be assigned the default address localhost which is an IP address from the subnet
127.0.0.0/8.
ARP queries for the individual IP addresses specified in IP4 HA Address objects are
answered by the firewall that owns the address, using the normal hardware address, just as
with normal IP units.
•
One single shared IP address is used for routing and it is also the address used by dynamic
address translation, unless the configuration explicitly specifies another address.
Note
The shared IP address cannot be used for remote management or monitoring
purposes. When using, for example, SSH for remote management of the D-Link
Firewalls in an HA Cluster, the individual IP addresses of the firewall's
interfaces must be used and these are specified in IP4 HA Address objects as
discussed above.
11.3.2. NetDefendOS Manual HA Setup
To set up an HA cluster manually, the steps are as follows:
1.
Connect to the master unit with the WebUI.
2.
Go to System > High Availability.
3.
Check the Enable High Availability checkbox.
4.
Set the Cluster ID. This must be unique for each cluster.
5.
Choose the Sync Interface.
6.
Select the node type to be Master.
7.
Go to Objects > Address Book and create an IP4 HA Address object for each interface pair.
Each must contain the master and slave interface IP addresses for the pair.
11.3.2. NetDefendOS Manual HA
Setup
Chapter 11. High Availability
414
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...