SonicWALL 4500 Configuring a State Sync Pair in NAT/Route Mode, Initial High Availability Setup

Page 29

Configuring a State Sync Pair in NAT/Route Mode

This section provides instructions for configuring a pair of SonicWALL NSA appliances for high availability (HA). This section is relevant to administrators following deployment

scenario B.

This section contains the following sub-sections:

•Initial High Availability Setup - page 28

•Configuring High Availability - page 29

•Configuring Advanced HA Settings - page 29

•Synchronizing Settings - page 31

•Adjusting High Availability Settings - page 32

•Synchronizing Firmware - page 32

•HA License Configuration Overview - page 33

•Associating Pre-Registered Appliances - page 34

SonicWALL NSA 2

SonicWALL

HA / Failover Pair

NSA

X5 HA Link

SonicWALL NSA 1

Network Security Appliance

Network Security Appliance

Internet

Local Network

Initial High Availability Setup

Before you begin the configuration of HA on the Primary SonicWALL security appliance, perform the following setup:

1.On the bottom panel of the Backup SonicWALL security appliance, locate the serial number and write the number down. You need to enter this number in the High Availability > Settings page.

2.Verify that the Primary SonicWALL and Backup SonicWALL security appliances are registered, running the same SonicOS Enhanced versions, and running the same SonicWALL Security services.

3.Make sure the Primary SonicWALL and Backup SonicWALL security appliances’ LAN, WAN and other interfaces are properly configured for failover.

4.Connect the X5 ports on the Primary SonicWALL and Backup SonicWALL appliances with a CAT6-rated crossover cable (red crossover cable). The Primary and Backup SonicWALL security appliances must have a dedicated connection. SonicWALL recommends cross- connecting the two together using a CAT6 crossover Ethernet cable, but a connection using a dedicated hub/ switch is also valid.

5.Power up the Primary SonicWALL security appliance, and then power up the Backup SonicWALL security appliance.

6.Do not make any configuration changes to the Primary’s HA interface; the High Availability configuration in an upcoming step takes care of this issue. When done, disconnect the workstation.

Page 28 Configuring a State Sync Pair in NAT/Route Mode

Image 29

Contents Getting Started Guide SonicWALL NSA Getting Started Guide Document ContentsSonicWALL NSA Series BackThis Section Pre-Configuration TasksCheck Package Contents Administrator Information Obtain Configuration InformationObtain Internet Service Provider ISP Information Registration InformationFront Panel Back Panel Power Supply8 The Back Panel Registering Your Appliance on mysonicwall.com Before You Register Product Registration Registering and Licensing Your Appliance on mysonicwall.comService Bundles Licensing Security Services and SoftwareGateway Services Support ServicesSonicWALL NSA 5000/4500/3500 Getting Started Guide Registration Next Steps Registering a Second Appliance as a BackupDeployment Scenarios Selecting a Deployment Scenario ABCScenario a NAT/Route Mode Gateway Scenario B State Sync Pair in NAT/Route Mode Scenario C L2 Bridge Mode System Requirements Initial SetupConnecting the WAN Port Applying Power Connecting the LAN PortAccessing the Setup Wizard Accessing the Management InterfaceTesting Your Connection Connecting to Your NetworkActivating Licenses in SonicOS Obtaining the Latest Firmware Saving a Backup Copy of Your PreferencesUpgrading Firmware on Your SonicWALL Upgrading the Firmware with Factory Defaults Upgrading the Firmware with Current SettingsUsing SafeMode to Upgrade Firmware On the System Settings page, click Upload New FirmwareConfirmation dialog box, click OK to proceed Uploaded Firmware NewScenario B Configuring a State Sync Pair in NAT/Route ModeInitial High Availability Setup Navigate to the High Availability Advanced Configuring High AvailabilityConfiguring Advanced HA Settings 30 Configuring a State Sync Pair in NAT/Route Mode Synchronizing Settings Synchronizing Firmware Adjusting High Availability SettingsHA License Configuration Overview Click Register Associating Pre-Registered AppliancesConnection Overview Configuring L2 Bridge ModeConfiguring the Primary Bridge Interface IP Assignment drop-down, select Layer 2 Bridged Mode Configuring the Secondary Bridge InterfaceAdditional Deployment Configuration WAN DMZ Creating Network Access RulesSonicWALL NSA 5000/4500/3500 Getting Started Guide Creating a NAT Policy SonicWALL NSA 5000/4500/3500 Getting Started Guide Configuring Address Objects Leave Create a reflexive policy unchecked Configuring NAT PoliciesEnabling Gateway Anti-Virus Enabling Security Services in SonicOSSonicWALL NSA 5000/4500/3500 Getting Started Guide Security Services Intrusion Prevention page, click Accept Enabling Intrusion Prevention ServicesSecurity Services Gateway Anti-Virus page, click Accept Enabling Anti-Spyware Applying Security Services to Network Zones Updating SonicPoint Firmware Deploying SonicPoints for Wireless AccessConfiguring SonicPoint Provisioning Profiles 802.11g Radio tab Select Enable Radio Select Enable SonicPointConfiguring a Wireless Zone Assigning an Interface to the Wireless Zone Connecting the SonicPoint Using Packet Capture Troubleshooting Diagnostic ToolsUsing Ping Using the Active Connections Monitor Using Log View For this Task See this Chapter Deployment Configuration Reference ChecklistSupport and Training Options Customer Support Support ServicesKnowledge Portal SonicWALL Live Product DemosUser Forums Training Related Documentation Product Safety and Regulatory Information Lithium Battery Warning Safety and Regulatory InformationRack Mounting the SonicWALL Cable ConnectionsWeitere Hinweise zur Montage Safety and Regulatory Information in GermanHinweis zur Lithiumbatterie KabelverbindungenCanadian Radio Frequency Emissions Statement FCC Part 15 Class a NoticeCispr 22 EN 55022 Class a Regulatory Information for KoreaTrademarks Copyright Notice70 Notes SonicWALL NSA 5000/4500/3500 Getting Started Guide 72 Notes Rev a 01/08