CyberGuard SG300 User Manual page 74

This floating IP address is in addition to the primary IP addresses of the two devices (e.g.
192.168.1.2 and 192.168.1.3) for the interface on the network segment.
The floating IP address and primary IP addresses of the two devices need not be part of
the same network (e.g. 192.168.1.0/24), but typically will be.
As far as hosts on the network are concerned, they may use either a device's primary IP
address to address a particular device, or the floating IP address to use whichever device
is currently up.
For example, a host may have its default gateway assigned as the floating IP address.
Note
High availability does not perform stateful failover between CyberGuard SG appliances,
i.e. any network connections that were established through the failed device must be re-
established through the new master device.
Enabling high availability
On each of the devices, select the Failover & H/A, then the High Availability tab.
You may use either the supplied script, /bin/highavaild, to manage the shared address,
or you may write your own script, possibly based on /bin/highavaild.
Note
/bin/highavaild is a Tcl script. The CyberGuard SG appliance uses TinyTcl, which
provides a fairly extensive subset of regular Tcl's features. Documentation is available
from: http://tinytcl.sourceforge.net/
If you are using the supplied /bin/highavaild script, enter a command similar to the
following as the Start Command on both devices. Stop Command and Test
Command are not required in the basic scenario.
/bin/highavaild [-d] [-n] [-a alias] ipaddr &
70
Network Setup