Can standalone appliance have Fallback operations. Are there any limitations?

09/24/2020 1 3205

DESCRIPTION:

Do standalone appliance(s) support Fallback operations?  If yes how many Appliances are needed to participate.

RESOLUTION:

Fallback Servers is an option for Customer who have two or more standalone appliance and want to have Connect Tunnel users be supported with Failover on event of Primary Device failing.

Note:  This Option is hidden in 12.3 & 12.4  which would be deprecated in future version.  As Customers are encouraged to Configure CMS/GTO to support more better features.

1. SonicWall SMA1000 Supports  Fallback Servers for Connect Tunnel  not for any other access methods.
2. On event of Primary appliance failure users would automatically Fallback to Secondary Server.  
3. User who have at least connected once to Primary device would be supported to Fallback to Secondary appliance on Event of failure.

How to Enable Fallback Server option on 12.3 or 12.4 . (This feature is hidden by Default on 12.3 or 12.4)  & Configure Fallback Servers.

How to Enable CEM Value to unhide this option:

1. Log in to AMC.
2. Click on Maintenance in the left-hand navigation menu.
3. In the URL, append "?advanced=1", and hit return.
4. Click on Configure under the new section Configuration extensions.
5. Click New
6. For the Key field, put in:   MGMT_FALLBACK_SERVERS 
7. For the Value field:   true
8. Click OK.
9. Click Save.
10. Apply Changes  (Note This needs to be done on Primary Device . Appliance Service would restart and this might disconnect Connected VPN Users).

To specify a Fallback Server for Connect Tunnel users

• 1. Login to SMA 1000 Management Console-Select Network Settings
• 2.  In the Tunnel Service area, click New
• 3.  In the Fallback Servers area, click New.
• 4. Specify the Fallback Server by hostname or Ip address
• 5. In the Realm box you have two choices:

•    Leave it blank: Whatever realm the user was logged in to before the primary server became unavailable is the same realm name that will be used on this particular Fallback server.
•    Specify a realm: Force users to log into a particular realm when they connect to the server.

Fallback server setting don't  replicate as part of policy replication. In a group of server that have designated Fallback server, each appliance has a unique list that should not be replicated on the other Servers (Appliances).