What High Availability Will Not Do For You - D-Link DFL-1600 User Manual

Chapter 29. High Availability
connection table and other vital information, is continuously copied to the
inactive firewall. When the cluster fails over to the inactive firewall, it
knows which connections are active, and communication may continue to
flow uninterrupted.
The failover time is typically about one second. That is well within the time a TCP stack keeps retransmitting before it abandons a connection, which is normally over one minute. Clients connecting through the firewall will experience the failover merely as a short burst of packet loss; as TCP always does in such situations, they retransmit the lost segments within a second or two and go on communicating.
29.1.2 What High Availability will NOT do for you

Adding redundancy to your firewall setup will eliminate one of the single
points of failure in your communication path. However, it is not a panacea
for all possible communication failures.
Typically, your firewall is far from the only single point of failure.
Redundancy for your routers, switches, and your Internet connection are
also issues that need to be addressed.
D-Link High Availability clusters will not create a load-sharing cluster. One
firewall will be active, and the other will be inactive.
Multiple back-up firewalls cannot be used in a cluster. Only two firewalls, a
"master" and a "slave", are supported.
As with all other firewalls that support stateful failover, D-Link High
Availability only works between two D-Link Firewalls. Because the internal
workings of different firewalls, and indeed of different major versions of
the same firewall, can be radically different, there is no way to communicate
"state" to something that has a completely different understanding of what
"state" means.
Broken interfaces are not detected by the current implementation of High
Availability unless they are broken to the point where the firewall cannot
continue to run. In other words, failover will not occur as long as the active
firewall can signal that it is alive to the inactive firewall through any one
of its interfaces, even though one or more of its other interfaces may be
inoperative. Monitoring of individual links and paths through the firewall
therefore has to be done by other means.
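The following model, added here as an illustration and not code from the D-Link manual or product, shows why an interface failure goes unnoticed by a heartbeat-based cluster of this kind. It assumes (these are assumptions, not documented behaviour) that the active firewall sends a heartbeat over every interface, and that the inactive firewall declares its peer dead only when no interface has delivered a heartbeat within a one-second timeout. The interface names and timings are constructed.

```python
"""Heartbeat-driven HA failover decision and its blind spot (constructed model).

Assumed, not taken from the manual: a per-interface heartbeat with a
one-second timeout, and a "peer is alive if ANY interface is alive" rule.
"""
from dataclasses import dataclass, field

HEARTBEAT_TIMEOUT = 1.0  # seconds; assumed, matches the ~1 s failover time


@dataclass
class PeerState:
    """What the inactive firewall knows about the active one."""
    interfaces: tuple                       # interfaces the peer heartbeats over
    last_seen: dict = field(default_factory=dict)  # iface -> last heartbeat time

    def heartbeat(self, iface: str, now: float) -> None:
        """Record a heartbeat received from the peer on `iface` at time `now`."""
        self.last_seen[iface] = now

    def alive_interfaces(self, now: float) -> list:
        """Interfaces that delivered a heartbeat within the timeout window."""
        return [i for i in self.interfaces
                if i in self.last_seen
                and now - self.last_seen[i] <= HEARTBEAT_TIMEOUT]

    def should_failover(self, now: float) -> bool:
        """Cluster rule: fail over only when the peer is silent on EVERY interface."""
        return not self.alive_interfaces(now)

    def silent_interfaces(self, now: float) -> list:
        """The blind spot: interfaces gone quiet while the peer still counts as alive.

        The cluster takes no action on these; an external monitor must catch them.
        """
        alive = set(self.alive_interfaces(now))
        return [i for i in self.interfaces if i not in alive]


def run_scenario():
    """Constructed timeline: one link dies, then the whole peer dies."""
    peer = PeerState(interfaces=("lan", "wan", "dmz"))

    # t = 0.0: heartbeats arrive on all three interfaces.
    for iface in peer.interfaces:
        peer.heartbeat(iface, 0.0)

    # t = 0.5: the "wan" link has died; only "lan" and "dmz" still heartbeat.
    for iface in ("lan", "dmz"):
        peer.heartbeat(iface, 0.5)

    # t = 1.5: "wan" is silent, but the peer is alive elsewhere -> no failover.
    at_1s = (peer.should_failover(1.5), peer.silent_interfaces(1.5))

    # t = 3.0: nothing has arrived on any interface since 0.5 -> failover.
    at_3s = (peer.should_failover(3.0), peer.silent_interfaces(3.0))
    return at_1s, at_3s


if __name__ == "__main__":
    (fo1, silent1), (fo3, silent3) = run_scenario()
    print(f"t=1.5s failover={fo1} silent={silent1}")   # no failover, wan silent
    print(f"t=3.0s failover={fo3} silent={silent3}")   # failover, all silent
```

The `silent_interfaces` result at t = 1.5 s is exactly the case the manual warns about: the WAN link is dead, traffic through it is lost, and the cluster stays put because the LAN and DMZ heartbeats keep the active unit looking healthy. Whatever monitors your WAN path needs to probe through the firewall, not just ask the firewall whether it is up.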
D-Link Firewalls User's Guide