Netdefendos Manual Ha Setup - D-Link NetDefend DFL-210 User Manual
Network security firewall
Hide thumbs
Also See for NetDefend DFL-210:
- User manual (495 pages) ,
- Log reference manual (476 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
11.3.2. NetDefendOS Manual HA
Setup
The lan interface on the master and the lan interface on the slave would be connected to the
same switch which then connects to an internal network. Similarly the wan interface on the
master and the wan interface would connect to a switch which in turn connects to the external
Internet.
The hardware of the slave does not need to exactly match the master, however it is
recommended that hardware with similar performance is used in order to avoid any throughput
degradation after a failover.
4.
Decide on a shared IP address for each interface in the cluster. Some interfaces could have
shared addresses only while others could also have unique, individual IP addresses for each
interface specified in a IP4 HA Address object. The shared and individual addresses are used as
follows:
•
The individual addresses specified for an interface in an IP4 HA Address object allow
remote management through that interface. These addresses can also be "pinged" using
ICMP provided that IP rules are defined to permit this (by default, ICMP queries are
dropped by the rule set).
If either unit is inoperative, its individual IP addresses will also be unreachable. These IP
addresses are usually private but must be public if management access across the public
Internet is required.
If an interface is not assigned an individual address through an IP4 HA Address object then
it must be assigned the default address localhost which is an IP address from the subnet
127.0.0.0/8.
ARP queries for the individual IP addresses specified in IP4 HA Address objects are
answered by the firewall that owns the address, using the normal hardware address, just as
with normal IP units.
•
One single shared IP address is used for routing and it is also the address used by dynamic
address translation, unless the configuration explicitly specifies another address.
11.3.2. NetDefendOS Manual HA Setup
To set up an HA cluster manually, the steps are as follows:
1.
Connect to the master unit with the WebUI.
2.
Go to System > High Availability.
3.
Check the Enable High Availability checkbox.
4.
Set the Cluster ID. This must be unique for each cluster.
5.
Choose the Sync Interface.
6.
Select the node type to be Master.
7.
Go to Objects > Address Book and create an IP4 HA Address object for each interface pair.
Each must contain the master and slave interface IP addresses for the pair.
Note
The shared IP address cannot be used for remote management or monitoring
purposes. When using, for example, SSH for remote management of the D-Link
Firewalls in an HA Cluster, the individual IP addresses of the firewall's
interfaces must be used and these are specified in IP4 HA Address objects as
discussed above.
414
Chapter 11. High Availability
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
