How to deploy SonicWall NSv High Availability using Azure Load balancers ?
Description
Azure lets you add cloud capabilities to your existing network through its platform as a service (PaaS) model or entrust Microsoft with all your computing and network needs with Infrastructure as a Service (IaaS).
Product Matrix 
Topology
IP Addresses used in this article | ||
 NSv_Azure_HA-01 | ||
VNET | 192.168.0.0/16 | |
VNET NAME | NSv_Azure_HA | |
WAN IP | X1 :192.168.1.4/24 | |
LAN IP | X0: 192.168.2.4/24 | |
Â
IP Addresses used in this article | ||
 NSv_Azure_HA-02 | ||
VNET | 192.168.0.0/16 | |
VNET NAME | NSv_Azure_HA | |
WAN IP | X1 :192.168.1.5/24 | |
LAN IP | X1 :192.168.2.5/24 | |
ELB IP | 40.80.226.218 | |
ILB IP | 192.168.2.6/24 | |
Â
Resolution
Logging Azure Account
- Navigate to SonicWall NSv Azure Template using your Microsoft Azure Account. Â
- ARM template deployment, click Deploy to Azure.
Configure the following options:
- Resource group
- Location
- Storage Account
- VM Name
- Virtual Network Name
- Authentication type
- Virtual machine size
- Create Internal Load Balancer
NOTE: The above configuration will deploy NSv_Azure_HA1, NSv_Azure_HA2 along with external Load balancer NSv_Azure_HA-ELB and internal Load balancer NSv_Azure_HA-ILB.Â
Â
To find the associated Virtual NSvÂ
- Navigate to Azure Home | Load balancers | ELB Load balancer | Backend Pools.
 Configure the Load balancing rules to access the internal Virtual Machines from the public network
- Navigate to Azure  Home | Load balancers | ELB Load balancer | Load balancing rules.Â
TIP: Session persistence specifies that traffic from a client should be handled by the same virtual machine in the backend pool for the duration of a session. "None" specifies that successive requests from the same client may be handled by any virtual machine. "Client IP" specifies that successive requests from the same client IP address will be handled by the same virtual machine. "Client IP and protocol" specifies that successive requests from the same client IP address and protocol combination will be handled by the same virtual machine. NOTE: Remote Desktop Service TCP port 3389 has been used for the Demo purpose.
Â
To find the Inbound NSv GUI Access rule on port number 8443 and 8444
- Navigate to Azure Home | Load balancers | ELB Load balancer | Inbound NAT rules.
To find the associated Virtual NSv
- Navigate to Azure Home | Load balancers | ILB load balancer | Backend Pools.
Â
Configure the Load balancing rules to forward the internal Virtual Machines traffic through ILB
- Navigate to Azure Home | Load balancers | ILB Load balancer | Load balancing rules.
SonicWall Configuration Steps
Adding an access rule to allow interesting traffic
- Navigate to SonicWall NSv Firewall | Access Rule.
Â
Adding a NAT ruleto allow interesting traffic and translating the source as X0 ip
- Navigate to Firewall | NAT Rule.
Adding a route rule replying to the Internal Load balancer probe on 443 port
- Navigate to Network| Routing.
Â
CAUTION:Â Load Balancer uses a distributed probing service for its internal health model. Load Balancer health probes originate from the IP address 168.63.129.16 and must not be blocked for probes to mark up your instance. The above deployment is an Active/Active HA. Microsoft does not support L2 HA deployment and requires manually Sync by importing the .exp file every time from NSv_Azure_HA-01 to NSv_Azure_HA-02 or with the help of Cloud GMS.
NOTE: The local hosted Virtual Subnets will not be accessed through the Public IP once the route table is created on Azure.