SonicWALL 4500, NSA 5000, 3500 manual Synchronizing Settings


Synchronizing Settings

Once you have configured the HA setting on the Primary SonicWALL security appliance, click the Synchronize Settings button. You should see a HA Peer Firewall has been updated message at the bottom of the management interface page. Also note that the management interface displays Logged Into: Primary SonicWALL Status: (green ball) Active in the upper-right-hand corner.

By default, the Include Certificate/Keys setting is enabled. This specifies that Certificates, CRLs and associated settings (such as CRL auto-import URLs and OCSP settings) are synchronized between the Primary and Backup units. When Local Certificates are copied to the Backup unit, the associated Private Keys are also copied. Because the connection between the Primary and Backup units is typically protected, this is generally not a security concern.

Tip: A compromise between the convenience of synchronizing Certificates and the added security of not synchronizing Certificates is to temporarily enable the Include Certificate/Keys setting and manually synchronize the settings, and then disable Include Certificate/Keys.

To verify that Primary and Backup SonicWALL security appliances are functioning correctly, wait a few minutes, then trigger a test failover by logging into the primary unit and doing a restart. The Backup SonicWALL security appliance should quickly take over.

From your management workstation, test connectivity through the Backup SonicWALL by accessing a site on the public Internet – note that the Backup SonicWALL, when active, assumes the complete identity of the Primary, including its IP addresses and Ethernet MAC addresses.

Log into the Backup SonicWALL’s unique LAN IP address. The management interface should now display Logged Into: Backup SonicWALL Status: (green ball) Active in the upper-right-hand corner.

Now, power the Primary SonicWALL back on, wait a few minutes, then log back into the management interface. If stateful synchronization is enabled (automatically disabling preempt mode), the management GUI should still display Logged Into: Backup SonicWALL Status: (green ball) Active in the upper-right-hand corner.

If you are using the Monitor Interfaces feature, experiment with disconnecting each monitored link to ensure correct configuration.
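The failover test above can be checked with numbers rather than by eye. The following is an added example, not part of the SonicWALL guide: it measures how long connectivity was lost and confirms that the workstation's neighbor entry for the firewall kept the same MAC address, as expected when the Backup assumes the Primary's identity. The probe log format, the `ip neigh show` snapshots, the addresses and the 10-second `max_outage` threshold are all assumptions constructed for illustration.

```python
import re

# Constructed sample data, not from the manual: one probe per second through
# the HA pair, logged on the management workstation as "<epoch> <ok|fail>".
PROBE_LOG = """\
1700000000 ok
1700000001 fail
1700000002 fail
1700000003 fail
1700000004 ok
"""
# Constructed `ip neigh show` lines for the firewall's LAN IP before and after
# the failover (192.0.2.1 and 00:00:5e:00:53:xx are documentation ranges).
NEIGH_BEFORE = "192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE"
NEIGH_AFTER = "192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 STALE"

def outages(log):
    """Return (first_fail, first_ok_after, seconds) per run of failed probes;
    a run that never recovers is reported as (first_fail, None, None)."""
    runs, start = [], None
    for line in log.splitlines():
        ts, state = line.split()
        if state == "fail" and start is None:
            start = int(ts)
        elif state == "ok" and start is not None:
            runs.append((start, int(ts), int(ts) - start))
            start = None
    if start is not None:
        runs.append((start, None, None))
    return runs

def gateway_mac(neigh_output, ip):
    """Extract the link-layer address recorded for ip, or None if absent."""
    for line in neigh_output.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr ([0-9A-Fa-f:]{17})", line.strip())
        if m and m.group(1) == ip:
            return m.group(2).lower()
    return None

def check_failover(log, before, after, ip, max_outage=10):
    """max_outage (seconds) is an assumed threshold; the guide only says 'quickly'."""
    old, new = gateway_mac(before, ip), gateway_mac(after, ip)
    runs = outages(log)
    return {
        "outages": runs,
        "recovered": all(end is not None for _, end, _ in runs),
        "within_limit": all(s is not None and s <= max_outage for _, _, s in runs),
        "mac_unchanged": old is not None and old == new,
    }
```

A changed MAC address after failover, or an outage that never closes, points to the Backup unit not having taken over the Primary's identity and is worth investigating before relying on the pair.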

SonicWALL NSA 5000/4500/3500 Getting Started Guide Page 31
