High Availability Setup Example - D-Link NetDefend DFL-210 User Manual

High Availability Setup Example

Broken interfaces will not be detected by the current implementation of D-Link High Availability,
unless they are broken to the point where the firewall cannot continue to run. This means that fail-
over will not occur if the active firewall can communicate "being alive" to the inactive firewall
through any of its interfaces, even though one or more interfaces may be inoperative.
High Availability Setup Example
In a high availability setup, all the interfaces of the primary firewall need to be present on the back-
up firewall and be connected to the same networks. As previously mentioned, failover is not done
unnecessarily, so either firewall may maintain the active role of the cluster for an extended period of
time. Hence, connecting some equipment to only the "master" or only the "slave" firewall is bound
to produce unwanted results. An example of a High Availibility setup is shown below.
Figure 11.1. High Availability Setup Example
In this illustration, both firewalls are connected to the internal as well as the external network. If
there are more networks, for instance one or more demilitarized zones, or internal network seg-
ments, both firewalls will also have to be connected to such networks; just connecting the "master"
to a network will most likely lead to a loss of connectivity for extended periods of time.
230
Chapter 11. High Availability