SonicWALL E6500 manual Synchronizing Settings

Page 36

Synchronizing Settings

Once you have configured the HA setting on the Primary SonicWALL security appliance, click the Synchronize Settings button. You should see a HA Peer Firewall has been updated message at the bottom of the management interface page. Also note that the management interface displays Logged Into: Primary SonicWALL Status: (green ball) Active in the upper- right-hand corner.

By default, the Include Certificate/Keys setting is enabled. This specifies that Certificates, CRLs and associated settings (such as CRL auto-import URLs and OCSP settings) are synchronized between the Primary and Backup units. When Local Certificates are copied to the Backup unit, the associated Private Keys are also copied. Because the connection between the Primary and Backup units is typically protected, this is generally not a security concern.

Tip: A compromise between the convenience of synchronizing Certificates and the added security of not synchronizing Certificates is to temporarily enable the Include Certificate/Keys setting and manually synchronize the settings, and then disable Include Certificate/Keys.

To verify that Primary and Backup SonicWALL security appliances are functioning correctly, wait a few minutes, then power off the Primary SonicWALL device. The Backup SonicWALL security appliance should quickly take over.

From your management workstation, test connectivity through the Backup SonicWALL by accessing a site on the public Internet – note that the Backup SonicWALL, when active, assumes the complete identity of the Primary, including its IP addresses and Ethernet MAC addresses.

Log into the Backup SonicWALL’s unique LAN IP address. The management interface should now display Logged Into: Backup SonicWALL Status: (green ball) Active in the upper- right-hand corner.

Now, power the Primary SonicWALL back on, wait a few minutes, then log back into the management interface. If stateful synchronization is enabled (automatically disabling preempt mode), the management GUI should still display

Logged Into: Backup SonicWALL Status: (green ball) Active in the upper-right-hand corner.

If you are using the Monitor Interfaces feature, experiment with disconnecting each monitored link to ensure correct configuration.

SonicWALL NSA E6500 Getting Started Guide Page 35

Image 36
Contents NSA E6500 Getting Started Guide Document Contents SonicWALL NSA E6500Front SonicWALL NSA E6500Pre-Configuration Tasks This SectionCheck Package Contents Obtain Configuration Information Administrator InformationObtain Internet Service Provider ISP Information Registration InformationFront Panel LCD ScreenBack Panel Front Bezel Control Features LCD Control ButtonsMain Menu StatusConfigure Configuration Options RestartSafeMode Screen-SaverFront Bezel Configuration Example LAN IP ConfigurationRegistering Your Appliance Before You Register Registering and Licensing Your Appliance on mysonicwall.com Product RegistrationLicensing Security Services and Software Gateway ServicesSonicWALL NSA E6500 Getting Started Guide Registering a Second Appliance as a Backup Registration Next StepsDeployment Scenarios ABC Selecting a Deployment ScenarioScenario a NAT/Route Mode Gateway Scenario B State Sync Pair in NAT/Route Mode Scenario C L2 Bridge Mode Initial Setup Connecting the WAN PortSystem Requirements Connecting the LAN Port Applying PowerAccessing the Management Interface Accessing the Setup WizardConnecting to Your Network Testing Your ConnectionActivating Licenses in SonicOS Saving a Backup Copy of Your Preferences Upgrading Firmware on Your SonicWALLObtaining the Latest Firmware Using SafeMode to Upgrade Firmware Upgrading the FirmwareAdditional Deployment Configuring a State Sync Pair in NAT/Route Mode Initial High Availability SetupConfiguring High Availability Configuring Advanced HA Settings34 Configuring a State Sync Pair in NAT/Route Mode Synchronizing Settings Adjusting High Availability Settings Synchronizing FirmwareHA License Configuration Overview Your Appliance on mysonicwall.comAssociating Pre-Registered Appliances Configuring L2 Bridge Mode Configuring the Primary Bridge InterfaceConnection Overview Configuring the Secondary Bridge Interface IP Assignment drop-down, select Layer 2 Bridged ModeAdditional Deployment Configuration Creating Network Access Rules An Introduction to Zones and InterfacesSonicWALL NSA E6500 Getting Started Guide 44 Creating Network Access Rules Creating a NAT Policy Configuring Address Objects Configuring NAT Policies Enabling Security Services in SonicOS Applying Security Services to ZonesGateway Anti-Virus Intrusion Prevention Anti-Spyware Troubleshooting Diagnostic Tools Using Packet CaptureUsing Ping Using the Active Connections Monitor Using Log View Deployment Configuration Reference Checklist For this Task See this Chapter54 Deployment Configuration Reference Checklist Support and Training Options Customer Support Knowledge PortalUser Forums Training Related Documentation Dynamic Tooltips SonicWALL Live Product DemosSonicWALL NSA E6500 Getting Started Guide 62 SonicWALL Live Product Demos Rack Mounting Instructions Rack Mounting Instructions SSEMBLEMTHEL3LIDET2AIL  &ASTEN TWOSIDEDISCREWSWTOOTHETRAIL SSEMBLEMNNERE2AILITOO#HASSIS NSERTT#HASSISATOO&RAME  3LIDEIINNER CHANNELEINTOORAILS 68 Rack Mounting Instructions Product Safety and Regulatory Information Safety and Regulatory Information Rack Mounting the SonicWALLHinweis zur Lithiumbatterie FCC Part 15 Class a Notice Copyright Notice TrademarksPage SonicWALL NSA E6500 Getting Started Guide Page Protection AT the Speed of Business