How to deploy SonicWall NSv High Availability using Azure Load Balancers
08/19/2020
Azure lets you add cloud capabilities to your existing network through its platform as a service (PaaS) model or entrust Microsoft with all your computing and network needs with Infrastructure as a Service (IaaS).
NOTE: The above configuration will deploy NSv_Azure_HA1 and NSv_Azure_HA2, along with the external load balancer NSv_Azure_HA-ELB and the internal load balancer NSv_Azure_HA-ILB.
To find the associated Virtual NSv
Navigate to Azure Home | Load balancers | ELB Load balancer | Backend Pools.
Configure the Load balancing rules to access the internal Virtual Machines from the public network
Navigate to Azure Home | Load balancers | ELB Load balancer | Load balancing rules.
TIP: Session persistence specifies that traffic from a client should be handled by the same virtual machine in the backend pool for the duration of a session. "None" specifies that successive requests from the same client may be handled by any virtual machine. "Client IP" specifies that successive requests from the same client IP address will be handled by the same virtual machine. "Client IP and protocol" specifies that successive requests from the same client IP address and protocol combination will be handled by the same virtual machine.
NOTE: Remote Desktop Service (TCP port 3389) is used here for demonstration purposes.
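The three session persistence settings described in the TIP above differ only in which fields of a connection are hashed to choose a backend. The following sketch is an added example, not part of the original article or SonicWall's or Microsoft's code; it models that choice for the two NSv instances. The SHA-256 hash, the client address 203.0.113.10 and the frontend address 198.51.100.20 are assumptions made for illustration.

```python
import hashlib

# Backend pool from this article's deployment (the two NSv instances).
BACKENDS = ["NSv_Azure_HA1", "NSv_Azure_HA2"]

# Flow fields that feed the hash under each session persistence setting.
PERSISTENCE_FIELDS = {
    "None": ("src_ip", "src_port", "dst_ip", "dst_port", "protocol"),
    "Client IP": ("src_ip", "dst_ip"),
    "Client IP and protocol": ("src_ip", "dst_ip", "protocol"),
}


def pick_backend(flow, persistence, backends=BACKENDS):
    """Return the backend a flow maps to under the given persistence setting.

    SHA-256 is a stand-in (assumption): Azure's real hash function is not
    public. Only the choice of hashed fields is being modelled.
    """
    key = "|".join(str(flow[f]) for f in PERSISTENCE_FIELDS[persistence])
    digest = hashlib.sha256(key.encode()).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]


def backends_seen(persistence, protocol="tcp", connections=64):
    """Backends hit by successive connections from a single client.

    Constructed sample traffic: one client (documentation address
    203.0.113.10) connecting to port 3389 on a placeholder frontend IP,
    each time from a new ephemeral source port.
    """
    seen = set()
    for i in range(connections):
        flow = {"src_ip": "203.0.113.10", "src_port": 50000 + i,
                "dst_ip": "198.51.100.20", "dst_port": 3389,
                "protocol": protocol}
        seen.add(pick_backend(flow, persistence))
    return seen


if __name__ == "__main__":
    for mode in PERSISTENCE_FIELDS:
        print(f"{mode:<24} -> {sorted(backends_seen(mode))}")
```

With "None", separate connections from one client can arrive at either NSv, so both instances need the same access and NAT rules for the published service.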
To find the inbound NSv GUI access rules on ports 8443 and 8444
Adding an access rule to allow interesting traffic
Navigate to SonicWall NSv Firewall | Access Rule.
Adding a NAT rule to allow interesting traffic and translate the source to the X0 IP
Navigate to Firewall | NAT Rule.
Adding a route rule to reply to the internal load balancer probe on port 443
Navigate to Network | Routing.
CAUTION: Load Balancer uses a distributed probing service for its internal health model. Load Balancer health probes originate from the IP address 220.127.116.11 and must not be blocked for probes to mark up your instance. The above deployment is an Active/Active HA. Microsoft does not support L2 HA deployment, and the configuration must be synced manually by importing the .exp file from NSv_Azure_HA-01 to NSv_Azure_HA-02 every time, or with the help of Cloud GMS.
NOTE: The locally hosted virtual subnets will not be accessible through the public IP once the route table is created on Azure.