SonicWALL NSA 2400, Руководство по началу работы

Страница: 29 / 70

Page 28 Configuring a State Sync Pair in NAT/Route Mode
3. To backup the firmware and settings when you upgrade the
firmware version, select
Generate/Overwrite Backup
Firmware and Settings When Upgrading Firmware .
4. Select the Enable Virtual MAC checkbox. Virtual MAC
allows the Primary and Backup appliances to share a
single MAC address. This greatly simplifies the process of
updating network ARP tables and caches when a failover
occurs. Only the WAN switch to which the two appliances
are connected to needs to be notified. All outside devices
will continue to route to the single shared MAC address.
5. The Heartbeat Interval controls how often the two units
communicate. The default is 5000 milliseconds; the
minimum recommended value is 1000 milliseconds. Less
than this may cause unnecessary failovers, especially
when the SonicWALL is under a heavy load.
6. Typically, SonicWALL recommends leaving the Heartbeat
Interval , Election Delay Time (seconds) , and Dynamic
Route Hold-Down Time fields to their default settings.
These fields can be tuned later as necessary for your
specific network environment:
-
The Failover Trigger Level sets the number of
heartbeats that can be missed before failing over. By
default, this is set to 5 missed heartbeats.
- The Election Delay Time is the number of seconds
allowed for internal processing between the two units in
the HA pair before one of them takes the primary role.
- The Probe Level sets the interval in seconds between
communication with upstream or downstream systems.
The default is 20 seconds, and the allowed range is 5
to 255 seconds. You can set the Probe IP Address(es)
on the
High Availability > Monitoring screen.
- The Dynamic Route Hold-Down Time setting is used
when a failover occurs on a HA pair that is using either
RIP or OSPF dynamic routing, and it is only displayed
when the
Advanced Routing option is selected on the
Network > Routing page. When a failover occurs,
Dynamic Route Hold-Down Time is the number of
seconds the newly-active appliance keeps the dynamic
routes it had previously learned in its route table.
- During this time, the newly-active appliance relearns
the dynamic routes in the network. When the
Dynamic
Route Hold-Down Time duration expires, it deletes the
old routes and implements the new routes it has
learned from RIP or OSPF. The default value is
45 seconds. In large or complex networks, a larger
value may improve network stability during a failover.
7. Select the Include Certificates/Keys checkbox to have
the appliances synchronize all certificates and keys.
8. Click Synchronize Settings to synchronize the settings
between the Primary and Backup appliances.
9. Click Synchronize Firmware if you previously uploaded
new firmware to your Primary unit while the Secondary unit
was offline, and it is now online and ready to upgrade to the
new firmware.
Synchronize Firmware is typically used
after taking your Secondary appliance offline while you test
a new firmware version on the Primary unit before
upgrading both units to it.
10. Click Apply to retain the settings on this screen.