D-Link DFL-260 Product Manual - Page 487
Chapter 11. High Availability

11.3. Setting Up HA

This section provides a step-by-step guide for setting up an HA Cluster.

11.3.1. HA Hardware Setup

The steps for the setup of hardware in an HA cluster are as follows:

1. Start with two physically similar NetDefend Firewalls. Both may be newly purchased or an existing unit may have a new unit added to it. The master hardware does not need to exactly match the slave; however, it is recommended that hardware with similar performance is used in order to avoid any performance changes after a failover.

2. Make the physical connections:

   • Connect the matching interfaces of master and slave through separate switches or separate broadcast domains. It is important to keep the traffic on each interface pair separated from other pairs.

   • Connect together the sync interfaces. This can be done directly with a crossover cable or through a separate switch (or broadcast domain).

3. Decide on a shared IP address for each interface in the cluster. Some interfaces could have shared addresses only while others could also have unique, individual IP addresses for each interface specified in an IP4 HA Address object. The shared and individual addresses are used as follows:

   • The individual addresses specified for an interface in an IP4 HA Address object allow remote management through that interface. These addresses can also be "pinged" using ICMP provided that IP rules are defined to permit this (by default, ICMP queries are dropped by the rule set). If either unit is inoperative, its individual IP addresses will also be unreachable. These IP addresses are usually private but must be public if management access across the public Internet is required.

     If an interface is not assigned an individual address through an IP4 HA Address object then it must be assigned the default address localhost which is an IP address from the sub-network 127.0.0.0/8.

     ARP queries for the individual IP addresses specified in IP4 HA Address objects are answered by the firewall that owns the address, using the normal hardware address, just as with normal IP units.

   • One single shared IP address is used for routing and it is also the address used by dynamic address translation, unless the configuration explicitly specifies another address.

Note: Management cannot be done through the shared IP

The shared IP address cannot be used for remote management or monitoring purposes. When using, for example, SSH for remote management of the NetDefend Firewalls in an HA Cluster, the individual IP addresses of each firewall's interfaces must be used and these are specified in IP4 HA Address objects as discussed above.

Typical HA Cluster Network Connections
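The shared and individual address rules from step 3 and the note above can be checked against an address plan before the cluster is configured. The following is an added example, not part of the D-Link manual or NetDefendOS: the plan layout, the key names (including the `internet_mgmt` flag) and all addresses are constructed, and "private" is assumed to mean the RFC 1918 ranges.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Assumption: "private" is taken to mean the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan; the dictionary layout and key names are hypothetical.
PLAN = {
    "lan": {"shared": "192.168.1.1", "master": "192.168.1.2", "slave": "192.168.1.3"},
    "dmz": {"shared": "10.0.0.1", "master": "127.0.0.1", "slave": "127.0.0.1"},
    "wan": {"shared": "203.0.113.1", "master": "203.0.113.1", "slave": "10.9.9.3",
            "internet_mgmt": True},
}
# Constructed list of addresses that administrators or monitoring connect to.
MGMT_TARGETS = {"ssh-master": "192.168.1.2", "ssh-cluster": "192.168.1.1", "ping-dmz": "10.0.0.7"}

def ip(s):
    return ipaddress.ip_address(s)

def check_plan(plan):
    """Return findings for the shared/individual address rules, per interface."""
    findings = []
    for ifname, a in plan.items():
        units = {u: ip(a[u]) for u in ("master", "slave") if a.get(u)}
        for u in ("master", "slave"):
            if u not in units:  # no individual address given: must be localhost
                findings.append(f"{ifname}: {u} unset, assign localhost (127.0.0.0/8)")
        real = {u: addr for u, addr in units.items() if addr not in LOOPBACK}
        for u, addr in real.items():
            if addr == ip(a["shared"]):
                findings.append(f"{ifname}: {u} individual address equals the shared IP")
            if a.get("internet_mgmt") and any(addr in n for n in RFC1918):
                findings.append(f"{ifname}: {u} is private but Internet management is required")
        if len(real) == 2 and real["master"] == real["slave"]:
            findings.append(f"{ifname}: master and slave share one individual address")
    return findings

def check_mgmt_targets(plan, targets):
    """Management and monitoring must target individual addresses, never the shared IP."""
    shared = {ip(a["shared"]) for a in plan.values()}
    individual = {ip(a[u]) for a in plan.values() for u in ("master", "slave")
                  if a.get(u) and ip(a[u]) not in LOOPBACK}
    findings = []
    for name, target in targets.items():
        if ip(target) in shared:
            findings.append(f"{name}: {target} is a shared IP, use an individual address")
        elif ip(target) not in individual:
            findings.append(f"{name}: {target} is not an individual address of either unit")
    return findings

if __name__ == "__main__":
    for line in check_plan(PLAN) + check_mgmt_targets(PLAN, MGMT_TARGETS):
        print(line)
```

Running the same checks against monitoring and SSH jump-host configuration catches health checks pointed at the shared IP, which keeps answering after a failover and so hides a failed unit.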