Use the
settings to specify the connection parameters for the master/slave configuration.The High Availability feature requires two identical systems of the same hardware type (for example UF‑200 with UF‑200 or UF‑500 with UF‑500) and software version. Furthermore, a free network interface (NIC) is required on both systems that is not in use by any other interface (like VLAN or bridge) or any network connection. For more information, see Interfaces and Network Connections. You have to use the same NIC on both systems for cluster interconnection.
The master system synchronizes its initial configuration and any subsequent configuration changes to the slave system to ensure that the same configuration is used in the event of failure.
High Availability can only be activated if no background processes, such as updates or backups, are running.
Navigate to
configure the high availability settings.The High Availability configuration dialog allows you to configure the following elements:
Input field | Description |
---|---|
I/0 | A slider switch indicates whether the High Availability feature is active (I) or inactive (0). By clicking the slider switch, you can toggle the state of High Availability. High Availability is deactivated by default. |
Status |
Displays the High Availability status of your LANCOM R&S®Unified Firewall. The following
statuses are available:
|
Initial Role |
Select the respective radio button to specify the role which your LANCOM R&S®Unified Firewall is to play in the HA cluster:
|
HA Interface |
From the drop-down list, select the interface to be used for the HA cluster communication. This interface
cannot be used for any other firewall services.
Important: The same interface (NIC) must be used on both LANCOM R&S®Unified Firewall systems for Cluster Interconnection.
|
Local IP | Enter the IP address which you want to assign to the HA interface on the LANCOM R&S®Unified Firewall in CIDR notation (IP address followed by a slash "/" and the number of bits set in the subnet mask, e. g. 192.168.50.1/24). |
Remote IP | Enter the IP address under which the LANCOM R&S®Unified Firewall can reach the other LANCOM R&S®Unified Firewall of the HA cluster. |
Local IP and Remote IP must be in the same subnet. HA cluster communication is not supported for routed networks.
If you have modified these settings, use the buttons at the bottom right of the editor panel to confirm (Save) or to discard your changes (Reset). Otherwise, you can close the dialog (Close).
Click Activate in the toolbar at the top of the desktop to apply your configuration changes.
Before you connect the slave system to the master with the cluster interconnect cable and configure High Availability on the slave, the configuration of the master system must be complete and activated.
Connect the slave system with the same "WAN" and "LAN" network components as the master system (see Figure 1).
Only the master system can be reached and configured using the web client.
If you want to change the High Availability configuration (for example to change the HA interface), first disable High Availability, then change the configuration. Then, turn High Availability back on with the new configuration.
To use both firewalls with your LANCOM R&S®UF Command Center, you need to configure them separately. When High Availability (HA) is enabled, the LANCOM R&S®UF Command Center settings are synchronized using the slave node to configure your LANCOM R&S®UF Command Center only once. For more information see Command Center
To make the HA feature work properly, the time settings of both firewalls need to be in sync. When you enable the HA feature, the settings are configured as folows:
- The NTP client and server are activated on both firewalls.
- Cluster link IP addresses are added to both nodes of the NTP server list.
You can find more information under Time Settings
To remove the slave system from the High Availability configuration and operate it as a standalone system, click the slider switch to deactivate the HA feature. The configuration settings of the slave node and the IP addresses of the network interface are set to default.