D-Link DFL-2500 User Guide - Page 329
Configuration Issues
View all D-Link DFL-2500 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 329 highlights
310 Chapter 29. High Availability 29.4.2 Configuration Issues When configuring High Availability clusters, there are a number of things to keep in mind in order to avoid unnecessary pitfalls. Changing the cluster ID By changing the cluster ID, you actually doing two things: • Changing the hardware address of the shared IPs. This will cause problems for all units attached to the local LAN, as they will keep the old hardware address in their ARP caches until it times out. Such units will have to have their ARP caches flushed. • You will also break the connection between the firewalls in the cluster for as long as they are using different configurations. This will cause both firewalls to go active at the same time. In short, changing the cluster ID unnecessarily is not a good idea. After the configuration has been uploaded to both firewalls, the ARP caches of vital units will have to be flushed in order to restore communication. Never use the unique IPs for live traffic The unique (private) IP addresses of the firewalls cannot safely be used for anything but managing the firewalls. Using them for anything else: gatewaying, using them as source IPs in dynamically NATed connections or publishing services on them, will inevitably cause problems, as unique IPs will disappear when the firewall it belongs to does. D-Link Firewalls User's Guide