Synchronizing Settings - SonicWALL TZ 210 Series Getting Started Manual

TZ_210_GSG.book Page 52 Friday, November 14, 2008 10:29 AM
6. In the Logical Probe IP Address field, enter the IP
address of a downstream device on the LAN network that
should be monitored for connectivity. Typically, this should
be a downstream router or server. (If probing is desired on
the WAN side, an upstream device should be used.) The
Primary and Backup appliances will regularly ping this
probe IP address. If both can successfully ping the target,
no failover occurs. If neither can successfully ping the
target, no failover occurs, because it is assumed that the
problem is with the target, and not the SonicWALL
appliances. But, if one appliance can ping the target but the
other appliance cannot, failover will occur to the appliance
that can ping the target.
The Primary IP Address and Backup IP Address fields
must be configured with independent IP addresses on the
X0 interface (X1 for probing on the WAN) to allow logical
probing to function correctly.
7. SonicWALL recommends that you do not select Override
Virtual MAC. When Virtual MAC is enabled, the SonicOS
firmware automatically generates a Virtual MAC address
for all interfaces. Allowing the SonicOS firmware to
generate the Virtual MAC address eliminates the possibility
of configuration errors and ensures the uniqueness of the
Virtual MAC address, which prevents possible conflicts.
8. Click OK.
9. To configure monitoring on any of the other interfaces,
repeat the above steps.
10. When finished with all High Availability configuration, click
Accept. All settings will be synchronized to the Idle unit
automatically.
Page 52 Configuring High Availability

Synchronizing Settings

Once you have configured the HA settings on the Primary
SonicWALL security appliance, it will automatically synchronize
the settings to the Backup unit, causing the Backup to reboot.
You do not need to click the Synchronize Settings button.
However, if you later choose to do a manual synchronization of
settings, click the Synchronize Settings button. You will see a
HA Peer Firewall has been updated notification at the bottom
of the management interface page. Also note that the
management interface displays Logged Into: Primary
SonicWALL Status: (green ball) Active in the upper-right-
hand corner.
By default, the Include Certificate/Keys setting is enabled.
This specifies that certificates, certificate revocation lists (CRL),
and associated settings are synchronized between the Primary
and Backup units. When local certificates are copied to the
Backup unit, the associated private keys are also copied.
Because the connection between the Primary and Backup units
is typically protected, this is generally not a security concern.
Tip:
A compromise between the convenience of
synchronizing certificates and the added security of not
synchronizing certificates is to temporarily enable the
Include Certificate/Keys setting and manually
synchronize the settings, and then disable Include
Certificate/Keys.