Configuring High Availability

In the Device > High Availability page you can create a cluster of two appliances for high availability.

Note - You cannot create a cluster when you have a switch or bridge defined in your network settings on the appliance. If necessary, change network settings in the Device > Local Network page.

After you define a cluster, you can select to Enable or Disable the cluster.

The page shows the configured interfaces for monitoring or high availability enabled in a table, where you can edit them.

Interface options in cluster mode:

  • High Availability - Two physical interfaces in 2 cluster members act as a single interface toward the network, using a single virtual IP address.

    Note - In this cluster solution, each interface has a local IP address in addition to the shared single virtual IP address.

  • Sync - Two physical interfaces must be defined as Sync interfaces and connected between the members to allow proper failover as needed. The default is to use LAN2/Sync physical port.

  • Non HA (also called private) - The physical interface in this member does not participate in High Availability functions.

  • Monitored (also called private monitored) - The physical interface in this member is not coupled with another interface on the other member as in High Availability interface mode. The interface's status is still monitored, and if a problem occurs the member will fail over to the second one.

To change network configuration details of the cluster members:

  1. Reset the cluster configuration on the secondary member.

  2. Perform the configuration changes on the primary member and click Reinitialize Trust.

  3. Reconnect the secondary member which fetches the new configuration.

To reset configuration settings:

Click Reset Cluster Configuration.

Note - This deletes all configuration settings. You must run the wizard again to configure the cluster.

One member of the cluster is the primary active. The other member is the secondary inactive.

To failover from the primary to the other member:

  1. Click Force Member Down.

    A confirmation message shows.

  2. Click Yes.

The primary gateway is now the inactive member of the cluster. The secondary gateway is now active.

If you want to disable the secondary gateway, you must failover to the primary.

Note - Only one member of a cluster can be down at a time. For the inactive member, the Force Member Down button is now Disable Force Member Down.

To failover to the original primary member:

  1. Click Disable Force Member Down.

    A confirmation message shows.

  2. Click Yes.

    The original primary member is now the active member of the cluster.

To see detailed information about the cluster status:

Click Diagnostics.

To create a cluster:

  1. Click Configure Cluster.

    The New Cluster Wizard opens.

  2. In Step 1: Gateway Priority, select one of the options:

    • Configure as primary member - If this appliance must be configured first.

    • Configure as secondary member - If a primary member is already configured and this appliance connects to it.

  3. Click Next.

  4. For a primary member:

    1. In Step 2: SIC Settings, enter a password and confirm it. This password is used for establishing trust between the members. You cannot use these characters when you enter a password or shared secret: { } [ ] ` ~ | ‘ " # + \

    2. The default Sync interface is LAN2. If it is necessary to change it, click Advanced and select a different Sync Interface. You can also change the predefined Sync IP Address and Sync IP Subnet

      Note - Make sure that changes you make here are also made on the other cluster member.

    3. Click Next.

    4. In Step 3: Gateway Interfaces (1 out of N), you can define the cluster IP on the related interfaces. Enter the necessary details.

      By default, the appliance monitors the interface condition if the interface is enabled for high availability. If there is a failure, it automatically fails over to the secondary cluster member. When the interface is not enabled for high availability, you can select it for monitoring.

    5. Click Next. Do step d. again for all related interfaces in your network.

      Note - For Internet connections, you can only enable High Availability on Static IP Internet connections. Other types of Internet connections can be used for monitoring only.

  5. For a secondary member:

    1. In Step 2: SIC Settings, enter the Secure Internal Communication password.

    2. Click Establish Trust.

  6. Click Finish.

When the cluster is successfully configured, you see the status of the members on this page.

After the cluster is configured, when you connect to the cluster IP address you are automatically redirected to the active cluster member. To log in to specified member, you must log in with the member's IP address.

Note that the WebUI of the secondary member (standby member) only has some options available for fine tuning (for a locally managed cluster: basic network settings and logs. A cluster managed by SMP cluster also has Cloud Services). This is because all cluster management is done from the active member.

Cluster Managed by SMP

You can configure a cluster in which both gateways are managed by SMP. Make sure the gateways are connected to SMP before you create the cluster.

A cluster supported by SMP is very similar to a locally managed cluster. One member is Active, and the other is Standby. To change the status of the Active member, click Force Member Down.

To configure the cluster (on the gateway side):

Note – The procedure is similar to the one to create a local cluster that does not involve the SMP.

  1. Log in to the WebUI of the gateway you want to use as the primary member of the cluster.

  2. In the DeviceHigh Availability page, click Configure Cluster. The New Cluster Wizard opens.

  3. In Step 1: Gateway Priority, select Configure as primary member.

  4. Click Next.

  5. In Step 2: SIC Settings, you see a message that you do not need to establish trust as the cluster is managed by SMP Cloud Services.

    Optional - Under Advanced, enter this information:

    • Sync interface

    • Sync IP address

    • Sync IP subnet

    • Other member sync IP address

  6. Click Next.

  7. In Step 3: Gateway Interfaces, configure the addresses of each interface. Select Enable High Availability on interface and enter the networking details for both member gateways and the cluster entity.

    Note - This step is divided into several sub-steps, one for each interface.

  8. Click Finish.

  9. Log in to the WebUI of the other cluster member.

  10. Under Device > High Availability, click Configure Cluster. The New Cluster Wizard opens.

  11. Select Configure as secondary member.

  12. Click Next.

  13. Click Finish.

    The appliance fetches the settings from the primary member and applies them.

Note – When the cluster is managed by SMP, connections are not synchronized. In the event of cluster failover, you must re-establish the connections.

After the cluster is set up, you see the High Availability cluster between the two appliances. If both gateways are properly configured from a network perspective and software health, one gateway is marked as active, and the peer gateway is marked as standby. A list of configured interfaces shows.

To see information about the cluster members and the High Availability status, click diagnostics.

Upgrading a cluster member:

  • Upgrade each cluster member individually.

  • Start with the standby member.

  • After upgrade, the appliance automatically reboots.

  • Only manual upgrade is supported.

To manually upgrade a cluster:

  1. Go to Device > System Operations.

  2. Click Manual Upgrade.

    The Upgrade Software Wizard opens.

  3. Follow the wizard instructions.

IPv6 addresses are currently not supported. High Availability cluster only supports IPv6 in dual mode.