Configuration Issues - D-Link DFL-1600 User Manual

Network security firewall
29.4.2 Configuration Issues
When configuring High Availability clusters, there are a number of things
to keep in mind in order to avoid unnecessary pitfalls.
Changing the cluster ID
By changing the cluster ID, you are actually doing two things:
Changing the hardware address of the shared IPs. This will cause
problems for all units attached to the local LAN, as they will keep the
old hardware address in their ARP caches until it times out. Such
units will have to have their ARP caches flushed.
You will also break the connection between the firewalls in the cluster
for as long as they are using different configurations. This will cause
both firewalls to go active at the same time.
In short, changing the cluster ID unnecessarily is not a good idea.
After the configuration has been uploaded to both firewalls, the ARP caches
of vital units will have to be flushed in order to restore communication.
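
As an added illustration (not part of the D-Link manual), the following script checks a Linux host's neighbour table for entries that still map a shared IP to the old hardware address and prints the command needed to clear each one. The addresses, the EXPECTED mapping and the sample `ip neigh show` output are constructed; the actual shared IPs and their new hardware address must be taken from the cluster itself.

```python
# Added example (not from the D-Link manual). All addresses are constructed.
# Input format: output of `ip neigh show` on a Linux host attached to the LAN.
SAMPLE_IP_NEIGH = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:0a:01 STALE
192.0.2.2 dev eth0 lladdr 02:00:00:00:0A:02 PERMANENT
192.0.2.1 dev eth1 lladdr 02:00:00:00:0b:01 REACHABLE
192.0.2.50 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.0.2.3 dev eth0 FAILED
"""

# Assumed: shared IP -> hardware address the cluster answers with after the change.
EXPECTED = {
    "192.0.2.1": "02:00:00:00:0b:01",
    "192.0.2.2": "02:00:00:00:0b:02",
    "192.0.2.3": "02:00:00:00:0b:03",
}


def parse_ip_neigh(text):
    """Yield (ip, dev, mac, state); mac is None for FAILED/INCOMPLETE entries."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2:
            continue

        def after(key):
            return tok[tok.index(key) + 1] if key in tok[:-1] else None

        mac = after("lladdr")
        yield tok[0], after("dev"), mac.lower() if mac else None, tok[-1]


def remediation(text, expected):
    """Return commands for entries that pin a shared IP to the wrong address."""
    cmds = []
    for ip, dev, mac, state in parse_ip_neigh(text):
        want = expected.get(ip)
        if want is None or mac is None or mac == want.lower():
            continue  # not a shared IP, unresolved, or already correct
        if state == "PERMANENT":
            # Static entries never time out and are skipped by `ip neigh flush`.
            cmds.append(f"ip neigh replace {ip} lladdr {want.lower()} dev {dev} nud permanent")
        else:
            cmds.append(f"ip neigh flush to {ip} dev {dev}")
    return cmds


if __name__ == "__main__":
    print("\n".join(remediation(SAMPLE_IP_NEIGH, EXPECTED)))
```

Static (PERMANENT) entries are reported separately because they never expire on their own, so waiting for the ARP cache to time out does not restore communication for those hosts.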
Never use the unique IPs for live traffic
The unique (private) IP addresses of the firewalls cannot safely be used for
anything but managing the firewalls.
Using them for anything else (gatewaying, using them as source IPs in
dynamically NATed connections, or publishing services on them) will
inevitably cause problems, as a unique IP will disappear when the firewall
it belongs to does.
D-Link Firewalls User's Guide
Chapter 29. High Availability
