For the active-passive HA feature, LANCOM R&S®Unified Firewall provides the following roles:
- Master node The master node actively processes network traffic. The master node is also responsible for forwarding all configuration and status changes to the slave node to ensure both systems are in sync.
- Slave node The slave node is a passive node that is used as a hot-standby replacement that takes over the master’s tasks if it is out of service. The slave node detects configuration and status changes and applies and activates them.
If the firewall does not work properly, e. g. due to hardware or kernel issues, the HA feature ensures a smooth feature failover by the slave. This prevents network downtimes. The failover is effected through Gratuitous ARP packets to all hosts in each broadcast domain of the firewall. These hosts acquire that the IP requests are responded by the new master node.
Note: Using the HA feature is useful if you want to supply your firewalls with new hardware without experiencing
downtimes, e. g. for network modules or SSD disks.