Configuring Advanced High Availability Settings on SonicOS/X 7
02/02/2022
Description
High Availability Advanced Settings provide the ability to fine-tune the High Availability configuration as well as synchronize settings and firmware among the High Availability Security Appliances.
Resolution
To configure advanced settings
- Log in as an administrator to the SonicOS Management Interface on the Master Node, that is, on the Virtual Group1 IP address (on X0 or another interface with HTTP management enabled).
- Navigate to DEVICE | High Availability > Settings.
The settings will show the minimum recommended values. Low values may cause unnecessary Failover, especially when the SonicWall is under a heavy load. We recommend using higher values if your SonicWall handles a lot of network traffic.
- Heartbeat Interval (milliseconds): Optionally adjust the Heartbeat Interval to control how often the Security Appliances communicate. This setting applies to all units. The default is 1,000 milliseconds (1 second), the minimum value is 1,000 milliseconds, and the maximum is 300,000. This timer is linked to the Failover Trigger Level (missed heartbeats) timer.
CAUTION: SonicWall recommends that you set the Heartbeat Interval to 5,000 milliseconds when your deployment has a big configuration and handles a lot of network traffic. Lower values may cause unnecessary Failover.
- Failover Trigger Level (missed heartbeats): Set the Failover Trigger Level to the number of heartbeats that can be missed before failing over. This setting applies to all units. The default is 5, the minimum is 4, and the maximum is 99.
This timer is linked to the Heartbeat Interval timer. If the Failover Trigger Level is set to 5 and the Heartbeat Interval is set to 5000 milliseconds (5 seconds), it takes 25 seconds without a heartbeat before a Failover is triggered.
- Probe interval (seconds): Set the Probe Interval to the interval, in seconds, between probes sent to specified IP addresses to monitor that the network critical path is still reachable. This interval is used in logical monitoring for the local HA pair. The default is 20 seconds, and the allowed range is 5 to 255 seconds. You can set the Probe IP Address(es) on DEVICE | High Availability > Advanced. See Monitoring High Availability. This timer is linked to the Probe Count timer.
CAUTION: SonicWall recommends that you set the Probe Interval to 20 seconds when your deployment has a big configuration and handles a lot of network traffic. Lower values may cause unnecessary failovers.
- Probe Count: Set the Probe Count to the number of consecutive probes before SonicOS concludes that the network critical path is unavailable or the probe target is unreachable. This count is used in logical monitoring for the local HA pair. The default is 3, and the allowed range is 3 to 10.
This timer is linked to the Probe Interval timer. If the Probe Count is set to 3 and the Probe Interval is set to 20 seconds, it takes 60 seconds without a successful probe before a Failover is triggered.
- Election Delay Time (seconds): Set the Election Delay Time to the number of seconds the Primary Security Appliance waits to consider an interface up and stable. The default is 3 seconds, the minimum is 3 seconds, and the maximum is 255 seconds.
This timer is useful with switch ports that have a spanning-tree delay set.
- Dynamic Route Hold-Down Time (seconds): Set the Dynamic Route Hold-Down Time to the number of seconds the newly-active Security Appliance keeps the dynamic routes it had previously learned in its route table. The default value is 45 seconds, the minimum is 0 seconds, and the maximum is 1200 seconds (20 minutes).
The Dynamic Route Hold-Down Time setting is displayed only when the Advanced Routing Mode option is selected on NETWORK | System > Dynamic Routing > Settings. This setting is used when a Failover occurs on a High Availability pair that is using either RIP or OSPF dynamic routing. During this time, the newly-active appliance relearns the dynamic routes in the network. When the Dynamic Route Hold-Down Time duration expires, SonicOS deletes the old routes and implements the new routes it has learned from RIP or OSPF.
In large or complex networks, a larger value may improve network stability during a Failover.
- SD-WAN Probes Hold-Down Time (seconds): When a Failover occurs, SD-WAN Probes Hold-Down Time is the number of seconds the newly-active appliance will wait before using the probe metrics to evaluate best path. The default value is 10 seconds, the minimum is 5 seconds, and the maximum is 60 seconds.
- Active/Standby Failover only when ALL aggregate links are down: If you want Failover to occur only when ALL aggregate links are down, select Active/Standby Failover only when ALL aggregate links are down. This option is not selected by default.
- Include Certificates/Keys: To have the appliances synchronize all certificates and keys within the HA pair, select Include Certificates/Keys. This option is enabled by default.
(Optional) To synchronize the SonicOS preference settings between your primary and secondary HA firewalls, click Synchronize Settings.
(Optional) To synchronize the firmware version between your primary and secondary HA firewalls, click Synchronize Firmware.
(Optional) To test that the HA Failover functionality is working properly by attempting an Active/Standby HA Failover to the secondary Security Appliance, click Force Active/Standby Failover.
When finished with all High Availability configuration, click Accept. All settings are synchronized to the Secondary Security Appliance or to other units in the cluster.
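The documented ranges and the two pairs of linked timers can be checked before a change is applied. The following Python is an added example, not SonicWall code; the setting key names are hypothetical labels and do not correspond to SonicOS API or CLI fields.

```python
# Added example: audit proposed HA timers against the ranges documented above.
# Key names are hypothetical labels, not SonicOS API or CLI fields.
LIMITS = {  # setting: (minimum, maximum, default)
    "heartbeat_interval_ms": (1000, 300000, 1000),
    "failover_trigger_level": (4, 99, 5),
    "probe_interval_s": (5, 255, 20),
    "probe_count": (3, 10, 3),
    "election_delay_s": (3, 255, 3),
    "route_hold_down_s": (0, 1200, 45),
    "sdwan_probe_hold_down_s": (5, 60, 10),
}
# Values the CAUTION notes recommend for large, heavily loaded deployments.
HEAVY_LOAD_FLOOR = {"heartbeat_interval_ms": 5000, "probe_interval_s": 20}


def audit(proposed, heavy_load=False):
    """Return (errors, warnings, windows) for a dict of proposed settings.

    Settings not supplied fall back to the documented defaults.
    """
    errors, warnings = [], []
    cfg = {name: default for name, (_, _, default) in LIMITS.items()}
    for name, value in proposed.items():
        if name not in LIMITS:
            errors.append(f"{name}: unknown setting")
            continue
        low, high, _ = LIMITS[name]
        if type(value) is not int or not low <= value <= high:
            errors.append(f"{name}={value!r}: allowed range is {low} to {high}")
        else:
            cfg[name] = value
    if heavy_load:
        for name, floor in HEAVY_LOAD_FLOOR.items():
            if cfg[name] < floor:
                warnings.append(f"{name}={cfg[name]}: {floor} recommended under load")
    # Linked timers: seconds of silence before each monitor triggers a failover.
    windows = {
        "heartbeat_failover_s": cfg["heartbeat_interval_ms"] * cfg["failover_trigger_level"] / 1000,
        "probe_failover_s": cfg["probe_interval_s"] * cfg["probe_count"],
    }
    return errors, warnings, windows


if __name__ == "__main__":
    # Constructed sample: one out-of-range value and a low heartbeat interval.
    sample = {"heartbeat_interval_ms": 1000, "failover_trigger_level": 3}
    for item in audit(sample, heavy_load=True):
        print(item)
```
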