1. Manuals
  2. Brands
  3. Watchguard Manuals
  4. Firewall
  5. Firebox V10
  6. Supplementary manual

Watchguard V10 Supplementary Manual

Firebox vclass high availability guide
Hide thumbs Also See for V10:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual, Installation Manual
WatchGuard
®
Firebox Vclass
High Availability Guide
High Availability for Vcontroller 5.0 and CPM 4.1

Advertisement

Table of Contents
loading

Related Manuals for Watchguard V10

Summary of Contents for Watchguard V10

  • Page 1 WatchGuard ® Firebox Vclass High Availability Guide High Availability for Vcontroller 5.0 and CPM 4.1...
  • Page 2 No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc. Copyright, Trademark, and Patent Information Copyright©...
  • Page 3 Hudson (tjh@cryptsoft.com). © 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code;...
  • Page 4 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  • Page 5: Table Of Contents

    Contents CHAPTER 1 How High Availability Works High Availability Modes Prerequisites for a High Availability System Connecting the appliances Installing High Availability Configuring High Availability Active/Active in Vcontroller Managing High Availability Setting and Responding to Alarms CHAPTER 2 Configuring High Availability in CPM Setting and Responding to Alarms High Availability CPM Scenarios High Availability Guide...
  • Page 6 High Availability for Vcontroller and CPM...

  • Page 7: Firebox Vclass High Availability

    WatchGuard High Availability In a WatchGuard Firebox Vclass High Availability (HA), two Firebox Vclass appliances are connected so that one serves as a ready backup to the other if the main appliance fails while managing network traffic. This chapter guides you through connecting, linking, and running a High Availability (HA) Active/Active system using two Firebox Vclass appliances in a primary and secondary relationship.

  • Page 8: How High Availability Works

    How High Availability Works When High Availability is active, a Primary appliance sends a “heartbeat” to a Secondary appliance. This heartbeat tells the Secondary appliance that the primary appliance is still “alive,” or up. If the primary appliance fails, the heartbeat ceases. When the Secondary appliance detects three consecutive missed heartbeats, it assumes all processing tasks.

  • Page 9: Prerequisites For A High Availability System

    The appliance you use as the Secondary or backup device must be reset to the factory default configuration. • Software upgrade licenses for the High Availability feature. You obtain these licenses from the WatchGuard LiveSecurity web site, after you register your appliances. • Crossover cables to connect the appliance HA ports.

  • Page 10: Connecting The Appliances

    HA2 port. Installing High Availability Your purchase of the WatchGuard High Availability Active/Active software upgrade includes a license key certificate. You enter this license key at the LiveSecurity Web site. The LiveSecurity web site will then generate a feature key for you.
  • Page 11 Generate a feature key. More information here, pending further info... Import the Feature Key to the Vclass appliances To add the new license for the High Availability feature, follow these steps: Click the License tab. The Licences list is displayed. To import a new license, follow these steps: Click Add.
  • Page 12 If you prefer, you can also use a text editor to open the file. Then copy and paste the text. You can also copy and paste the license text directly from the WatchGuard LiveSecurity Web site. When the license text is displayed, click Import License.

  • Page 13: Configuring High Availability Active/Active In Vcontroller

    When you are finished, click Close. Configuring High Availability Active/Active in Vcontroller After you have connected the appliances, you can configure the Secondary appliance with the WatchGuard Vcontroller. Make sure you are currently logged in to the Primary appliance. High Availability Guide...
  • Page 14 After starting the WatchGuard Vcontroller, click the System Configuration button. When the System Configuration window appears, click the High Availability tab. High Availability for Vcontroller and CPM...
  • Page 15 Select Enable High Availability. The following HA options appear in the tab. Select the Active/Active checkbox.. The default HA settings include the following: - All of the appliance’s interfaces will be monitored. If any interface is detected as “LINK-DOWN,” the Secondary appliance will take over.
  • Page 16 Make sure that the connection links both HA1 ports on the primary and secondary appliances, and that you are using a crossover cable. If the appliance cannot detect the secondary appliance, check the connection and restart the secondary appliance. When this is done, click the Refresh button to redetect the secondary appliance.
  • Page 17 In addition, you can manually trigger a Failover or Restart event on the Primary or Secondary appliance. To change any of these settings, follow these steps: After starting the WatchGuard Vcontroller, click the System Configuration button. When the System Configuration window appears, click the High Availability tab.
  • Page 18 Click the Advanced button. The Advanced HA Parameters dialog box appears. To activate monitoring through the HA ports, click to select the checkbox marked Enable HA on HA1 Port and/or Enable HA on HA2 Port. Note that if HA is enabled on the HA2 interface, that interface cannot be used for management access.

  • Page 19: Managing High Availability

    IP address of the private interface on the Primary appliance. Checking HA system status The WatchGuard Vcontroller provides a quick-check feature that tells you, at a glance, the status of your HA system. Look in the lower-left corner of the WatchGuard Vcontroller for the system indicator.

  • Page 20: Setting And Responding To Alarms

    Detailed System Status Detailed HA system status is shown in the System Configuration/High Availability window. This status includes the HA role, status, DB timestamp, and failure reason (if one exists) for both systems. To view detailed system status, open the System Configuration window and click on the High Availability tab.
  • Page 21 Setting and Responding to Alarms For more information on defining alarms, see the Firebox Vclass User Guide and CPM User Guide. High Availability Guide...
  • Page 22 High Availability for Vcontroller and CPM...

  • Page 23: Firebox Vclass High Availability With Cpm

    WatchGuard High Availability with CPM This chapter describes how to use High Availability with a CPM system. This chapter discusses the following topics: • “Configuring High Availability in CPM” on page 17 • “High Availability CPM Scenarios” on page 20...
  • Page 24 Click the Active/Active checkbox. The following options appear. Enter the Secondary System Name. If desired, click Encrypt all HA Communication, and type and confirm a Shared Secret. This feature is optional, and can be left blank if you do not need to encrypt information sent between these appliances during normal operation.

  • Page 25: Setting And Responding To Alarms

    Enter the IP addresses and Netmasks for the secondary appliance. 10 Click Advanced The Advanced HA Settings dialog box appears. 11 Click the checkbox of each port you want the backup appliance to monitor. 12 Click the checkbox to select the HA interface you want to enable and send HA heartbeats over and type the Primary IP address, Secondary IP address, and Netmask of the HA interface you enabled.

  • Page 26: High Availability Cpm Scenarios

    Make sure that you open and edit the existing Event Alarm definition so that you are notified by an SNMP trap, email alert, or both. You should also make sure that all SNMP stations have been registered in the appliances, as can be done in the System Configuration window SNMP tab.
  • Page 27 HA- Active/Active mode. The appliance that is currently in service will be designated as the primary appliance, and the new appliance will be designated as the secondary appliance. Add HA licenses to both appliances. Reset the new (secondary) appliance to factory defaults. Modify the system configuration of the primary appliance to enable HA, and recompile the profile.
  • Page 28 High Availability for Vcontroller and CPM...

This manual is also suitable for:

V100V200V60V60lV80

Table of Contents