Chapter 34 Device HA
•System protect signatures
•Certificates (My Certificates, and Trusted Certificates)
Synchronization does not change the device HA settings in the backup ZyWALL.
Synchronization affects the entire device configuration. You can only configure one set of settings for synchronization, regardless of how many VRRP groups you might configure. The ZyWALL uses Secure FTP (on a port number you can change) to synchronize, but it is still recommended that the backup ZyWALL synchronize with a master ZyWALL on a secure network.
The backup ZyWALL gets the configuration from the master ZyWALL. The backup ZyWALL cannot become the master or be managed while it applies the new configuration. This usually takes two or three minutes or longer depending on the configuration complexity.
The following restrictions apply with
•The master ZyWALL must have no inactive monitored interfaces.
•The backup ZyWALL cannot be the master. This refers to the actual role at the time of synchronization, not the role setting in the configuration screen.
The following synchronization restrictions apply with legacy mode.
•The master ZyWALL must have at least one active VRRP group and no standby VRRP groups.
•The backup ZyWALL cannot be the master in any active VRRP group. This refers to the actual role at the time of synchronization, not the role setting in the VRRP group.
The backup applies the entire configuration if it is different from the backup’s current configuration.
| 589 |
ZyWALL USG 100/200 Series User’s Guide | |
|
|