D-Link DFL-1660 User Manual page 530
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (483 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
11.1. Overview
Chapter 11. High Availability
Special packets, known as heartbeats, are continually sent by NetDefendOS across the sync
interface and all other interfaces from one unit to the other. These packets allow the health of both
units to be monitored. Heartbeat packets are sent in both directions so that the passive unit knows
about the health of the active unit and the active unit knows about the health of the passive.
The heartbeat mechanism is discussed below with more detail in Section 11.2, "HA Mechanisms".
Cluster Management
When managing the individual hardware units in a cluster, they must be administered separately
using the Web Interface or the CLI. Configuration changes are not automatically duplicated between
the cluster peers.
Load-sharing
D-Link HA clusters do not provide load-sharing since only one unit will be active while the other is
inactive and only two NetDefend Firewalls, the master and the slave, can exist in a single cluster.
The only processing role that the inactive unit plays is to replicate the state of the active unit and to
take over all traffic processing if it detects the active unit is not responding.
Hardware Duplication
D-Link HA will only operate between two NetDefend Firewalls. As the internal operation of
different firewall manufacturer's software is completely dissimilar, there is no common method
available to communicating state information to a dissimilar device.
It is also strongly recommended that the NetDefend Firewalls used in cluster have identical
configurations. They must also have identical licenses which allow identical capabilities including
the ability to run in an HA cluster.
Extending Redundancy
Implementing an HA Cluster will eliminate one of the points of failure in a network. Routers,
switches and Internet connections can remain as potential points of failure and redundancy for these
should also be considered.
Protecting Against Network Failures Using HA and Link Monitor
The NetDefendOS Link Monitor feature can be used to check connection with a host so that when it
is no longer reachable an HA failover is initiated to a peer which has a different connection to the
host. This technique is a useful extension to normal HA usage which provides protection against
network failures between a single NetDefend Firewall and hosts. This technique is described further
in Section 2.4.1, "The Link Monitor".
530
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
