NetDefendOS Setup; Verifying Cluster Functioning - D-Link NetDefend DFL-210 User Manual

Network security firewall

11.3.2. NetDefendOS Setup

3. Decide on a shared IP address for each interface in the cluster. Some interfaces may have
only a shared address, while others also have unique individual addresses. The shared and
unique addresses are used as follows:

• The unique, non-shared IP addresses are used to communicate with the D-Link Firewalls
themselves for functions such as remote control and monitoring. They can also be "pinged".
They should not be associated with the traffic flowing through the cluster. If either unit is
inoperative, the associated IP address will be unreachable. ARP queries for the respective
addresses are answered by the firewall that owns the IP address, using the normal hardware
address, just like normal IP units.

• One shared IP address is used for routing and it is also the address used by dynamic address
translation, unless the configuration explicitly specifies another address.

The remaining steps to configure the NetDefendOS software through the WebUI are as follows.

1. Connect to the master unit with the WebUI.
2. Go to System > High Availability.
3. Check the Enable High Availability checkbox.
4. Set the Cluster ID. This must be unique for each cluster.
5. Choose the Sync Interface.
6. Select the node type to be Master.
7. Go to Objects > Address book and create an IP4 HA address object for each interface. Each
object must contain the master and slave IP address.
8. Go to Interfaces > Ethernet and, for each interface in the list, enter the shared IP
address for that interface in the IP Address field.
Also select the Advanced tab for each interface and set the High Availability Private IP
Address field to be the name of the IP4 HA object defined in the previous step for the interface
(NetDefendOS will automatically select the appropriate address from the master and slave IP
addresses defined for the object).
9. Repeat the above steps for the other D-Link Firewall but select the node type to be Slave.

The configuration on both D-Link Firewalls needs to be the same. Configurations between the units
are automatically synchronized. To change something in a configuration, log on to either the master
or the slave, make the change, then deploy. The changes are automatically made to both units.

11.3.3. Verifying Cluster Functioning

To verify that the cluster is performing correctly, first use an ha command on each unit. The output
will look similar to this for the master:
> ha

Note: The shared IP address should not be used for remote management or monitoring
purposes. When using, for example, SSH for remote management of the D-Link
Firewalls in an HA Cluster, the individual IP addresses of the firewalls should be
used.
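
An added example, not from the D-Link manual: a Python check of an HA address plan against the rules stated in this chapter (Cluster ID unique per cluster, distinct master and slave private addresses, shared address kept separate and never used as a management or monitoring target). The plan layout, field names and sample addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample plan (not from the manual): one entry per HA cluster.
PLAN = [
    {"cluster_id": 1, "interfaces": {
        "lan": {"shared": "192.168.1.1", "master": "192.168.1.2", "slave": "192.168.1.3"},
        "wan": {"shared": "203.0.113.10", "master": "203.0.113.11", "slave": "203.0.113.11"},
    }},
    {"cluster_id": 1, "interfaces": {
        "lan": {"shared": "192.168.2.1", "master": "192.168.2.2", "slave": "192.168.2.1"},
    }},
]
# Constructed list of addresses that SSH and monitoring jobs connect to.
MGMT_TARGETS = ["192.168.1.1", "192.168.1.2", "192.168.1.3"]


def audit(plan, mgmt_targets):
    """Return a sorted list of findings for an HA address plan."""
    findings = []
    # The Cluster ID must be unique for each cluster.
    for cid, count in Counter(c["cluster_id"] for c in plan).items():
        if count > 1:
            findings.append(f"cluster id {cid} used by {count} clusters")
    targets = {ipaddress.ip_address(t) for t in mgmt_targets}
    for idx, cluster in enumerate(plan):
        for name, addrs in cluster["interfaces"].items():
            shared, master, slave = (
                ipaddress.ip_address(addrs[k]) for k in ("shared", "master", "slave"))
            where = f"cluster[{idx}] {name}"
            # Each unit needs its own unique, non-shared address in the IP4 HA object.
            if master == slave:
                findings.append(f"{where}: master and slave private IP are identical")
            # The shared address carries cluster traffic and must stay separate.
            if shared in (master, slave):
                findings.append(f"{where}: shared IP reused as a private IP")
            # Management and monitoring must use the individual addresses only.
            if shared in targets:
                findings.append(f"{where}: shared IP {shared} is a management target")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(PLAN, MGMT_TARGETS):
        print(finding)
```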
Chapter 11. High Availability
