Table of Contents
Advertisement
Network Setup menu options
High Availability
Figure 77 Basic HA configuration—Appliance 1 gains LAN connectivity
Later, UTM Firewall appliance #1 comes back online as the secondary. UTM Firewall appliance #2 continues
its role as the default gateway for the local network.
Default high availability script
With the default high availability script, a high availability failover is not triggered by the primary simply
losing Internet connectivity. The primary must become uncontactable to the secondary via the local
network segment in order for an HA failover to trigger. The default location for the HA script is
/bin/highavaild.
Customizing the HA script
You can customize the HA script by replacing and modifying the /bin/highavaild script.
From the command line interface (ssh/telnet):
Copy /bin/highavaild to /etc/config.
1
Edit the HA script with vi or via the Management Console System menu Advanced option (see
2
Configuration Files
tab).
You must also change the HA path for highavaild to /etc/config/highavaild. See
availability.
The share-IP address will automatically be configured as an alias interface by the HA script and logic on
whichever appliance is currently the primary. More sophisticated HA scenarios can be configured by setting
up a basic configuration in the High Availability page and then manually editing the ifmond.conf file and the
scripts it calls.
McAfee UTM Firewall 4.0.4 Administration Guide
Enabling high
77
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
