How to deploy SonicWall NSv High Availability using Azure Load balancers ?

08/19/2020 6 People found this article helpful 187,372 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

Azure lets you add cloud capabilities to your existing network through its platform as a service (PaaS) model or entrust Microsoft with all your computing and network needs with Infrastructure as a Service (IaaS).

Product Matrix


Topology

Resolution

Logging Azure Account

• Navigate to SonicWall NSv Azure Template using your Microsoft Azure Account.  
• ARM template deployment, click Deploy to Azure.
  

Configure the following options:

• Resource group
• Location
• Storage Account
• VM Name
• Virtual Network Name
• Authentication type
• Virtual machine size
• Create Internal Load Balancer
  
  
  
  
  

  NOTE: The above configuration will deploy NSv_Azure_HA1, NSv_Azure_HA2 along with external Load balancer NSv_Azure_HA-ELB and internal Load balancer NSv_Azure_HA-ILB.

   

To find the associated Virtual NSv 

• Navigate to Azure Home | Load balancers | ELB Load balancer | Backend Pools.
  
  
  

 Configure the Load balancing rules to access the internal Virtual Machines from the public network

• Navigate to Azure  Home | Load balancers | ELB Load balancer | Load balancing rules. 
  
  
  
  

  TIP: Session persistence specifies that traffic from a client should be handled by the same virtual machine in the backend pool for the duration of a session. "None" specifies that successive requests from the same client may be handled by any virtual machine. "Client IP" specifies that successive requests from the same client IP address will be handled by the same virtual machine. "Client IP and protocol" specifies that successive requests from the same client IP address and protocol combination will be handled by the same virtual machine.
  
  

  NOTE: Remote Desktop Service TCP port 3389 has been used for the Demo purpose.

To find the Inbound NSv GUI Access rule on port number 8443 and 8444

• Navigate to Azure Home | Load balancers | ELB Load balancer | Inbound NAT rules.

To find the associated Virtual NSv

• Navigate to Azure Home | Load balancers | ILB load balancer | Backend Pools.

Configure the Load balancing rules to forward the internal Virtual Machines traffic through ILB

• Navigate to Azure Home | Load balancers | ILB Load balancer | Load balancing rules.
  
  
  
  
  
  

SonicWall Configuration Steps

Adding an access rule to allow interesting traffic

• Navigate to SonicWall NSv Firewall | Access Rule.
  

Adding a NAT ruleto allow interesting traffic and translating the source as X0 ip

• Navigate to Firewall | NAT Rule.

Adding a route rule replying to the Internal Load balancer probe on 443 port

• Navigate to Network| Routing.
  
  
  
  

CAUTION: Load Balancer uses a distributed probing service for its internal health model. Load Balancer health probes originate from the IP address 168.63.129.16 and must not be blocked for probes to mark up your instance. The above deployment is an Active/Active HA. Microsoft does not support L2 HA deployment and requires manually Sync by importing the .exp file every time from NSv_Azure_HA-01 to NSv_Azure_HA-02 or with the help of Cloud GMS.

NOTE: The local hosted Virtual Subnets will not be accessed through the Public IP once the route table is created on Azure.

Related Articles

• Bandwidth usage and tracking in SonicWall
• How to force an update of the Security Services Signatures from the Firewall GUI
• Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

Categories

• Firewalls > NSv Series > Azure