
How to deploy SonicWall switches when SonicWall UTM is in High availability mode?

03/25/2021


    Description

    This KB explains how SonicWall switches can be deployed with the SonicWall UTM devices in high availability mode.
    The switches can be deployed with one or two dedicated uplinks and also with common uplinks. Currently, daisy chain switch mode is not supported.

    Resolution

    Configuring HA and PortShields With Dedicated Uplink(s)

    NOTE: To use the switch with HA, you must first deploy the firewalls in high availability, and then add the switch. 

    CAUTION: The auto-authorize option cannot be used while the firewall is in HA.

    There are two ways to configure HA units with dedicated uplinks:

    • Configuring HA Using One Switch Management Port
    • Configuring HA Using Two Switch Management Ports


    Configuring HA Using One Switch Management Port

    In this configuration with PortShield functionality in HA mode, firewall interfaces that serve as PortShield hosts should be connected to the switch on active and standby units. The PortShield members should also be connected to ports on the switch. The link between the firewall interface serving as the PortShield host and the switch is set up as a dedicated uplink.
    HA Pair Using One Switch Management Port Topology shows a firewall HA pair with a switch and one dedicated link:
    • The firewall interfaces, X3 and X4, on the primary unit are connected to ports 12 and 13 on the switch.
    • X3 and X4 are configured as PortShield hosts.
    • Similarly, the firewall interfaces X3 and X4 on the secondary unit are connected to ports 14 and 15 on the switch.
    • Ports 12 and 14 on the switch are port shielded to X3 with the dedicated uplink option enabled.
    • Ports 13 and 15 on the switch are port shielded to X4 with the dedicated uplink option enabled.
    • Ports 2 and 4 are port shielded to X3.
    • Ports 3 and 5 are port shielded to X4.


    When the primary unit is in Active HA mode, traffic between H1 and X3 is carried over the dedicated link between X3 and 12, and traffic between H3 and X4 is carried over the dedicated link between X4 and 13.
    When the secondary unit is in Active HA mode, traffic between H1 and X3 is carried over the dedicated link between X3 and 14, and traffic between H3 and X4 is carried over the dedicated link between X4 and 15.
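
The port plan above can be checked for failover gaps before anything is cabled. The following is an added example, not SonicWall code and not part of the original article: the `SwitchPort` structure, the `PLAN` data and the function names are hypothetical, the script does not talk to SonicOS, and it assumes exactly one dedicated uplink per PortShield host per HA unit, as in the topology described.

```python
from dataclasses import dataclass
from typing import Optional

UNITS = ("primary", "secondary")

@dataclass(frozen=True)
class SwitchPort:
    port: int
    portshield_host: str               # firewall interface, e.g. "X3"
    dedicated_uplink: bool = False
    cabled_to: Optional[str] = None    # HA unit for uplinks, None for member ports

# Constructed plan transcribing the one-management-port topology above.
PLAN = [
    SwitchPort(12, "X3", True, "primary"), SwitchPort(13, "X4", True, "primary"),
    SwitchPort(14, "X3", True, "secondary"), SwitchPort(15, "X4", True, "secondary"),
    SwitchPort(2, "X3"), SwitchPort(4, "X3"),
    SwitchPort(3, "X4"), SwitchPort(5, "X4"),
]

def uplinks(plan, host, unit):
    """Dedicated uplink ports PortShielded to `host` and cabled to `unit`."""
    return [p.port for p in plan
            if p.dedicated_uplink and p.portshield_host == host and p.cabled_to == unit]

def uplink_for(plan, host, active_unit):
    """Switch port that carries `host` traffic while `active_unit` is active."""
    found = uplinks(plan, host, active_unit)
    return found[0] if len(found) == 1 else None

def validate(plan):
    """Return a list of problems that would break PortShield traffic on failover."""
    problems = []
    ports = [p.port for p in plan]
    for port in sorted({n for n in ports if ports.count(n) > 1}):
        problems.append(f"port {port} appears more than once")
    for p in plan:
        if p.dedicated_uplink and p.cabled_to not in UNITS:
            problems.append(f"port {p.port}: dedicated uplink not cabled to an HA unit")
    for host in sorted({p.portshield_host for p in plan}):
        for unit in UNITS:
            n = len(uplinks(plan, host, unit))
            if n != 1:
                problems.append(f"{host}: {n} dedicated uplink(s) to {unit} unit, expected 1")
    return problems

if __name__ == "__main__":
    print(validate(PLAN) or "plan is consistent")
    for unit in UNITS:
        print(unit, {h: uplink_for(PLAN, h, unit) for h in ("X3", "X4")})
```
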
    The link between the firewall interface X0 and port 1 on the switch carries the management traffic used to manage the switch from the firewall. In this configuration, X0 is configured to be in the same subnet as the switch. X0 on both the primary and the secondary unit must be connected to port 1 of the switch (for example, via a hub) so that when the secondary firewall becomes the active unit, the switch can be managed via the link between X0 on the secondary and port 1 of the switch. When the switch is provisioned in this configuration, the Primary Switch Management and Secondary Switch Management are set to 1.


    To set up HA with one dedicated uplink

    1. Navigate to MANAGE | Switch Controller | Overview tab. Under Physical View, click on the Add switch button.
      TIP: For SonicOS 7.X, navigate to DEVICE | EXTERNAL CONTROLLERS | Switch Network | Overview. Under the List View tab, click on the Add switch button.

    2. Fill in all necessary information like Serial number, IP address, username, password.
    3. Select the primary and secondary management uplink as 1.
    4. Select the firewall uplink as Interface X0.
    5. Select the primary and secondary switch uplink as 1.
    6. Click on Add.



      NOTE: The Firewall Uplink and Switch Uplink options are set the same in this configuration to support the redundant firewalls.

    Configuring HA Using Two Switch Management Ports
    You can connect X0 of the primary and secondary firewalls directly to the ports on the switch. In this case, two switch ports are used on the switch for management traffic.
    HA Pair Using 2 Switch Management Ports Topology shows a firewall HA pair with a switch and two dedicated links:
    • X0 of the primary unit is connected to port 1.
    • X0 of the secondary unit is connected to port 7.


    When the primary firewall is active, the link between X0 of the primary and port 1 of the switch carries the management traffic. When the secondary firewall is active, the link between X0 of the secondary and port 7 of the switch is used by the firewall to manage the switch.

    To set up HA with two switch management ports

    1. Navigate to MANAGE | Switch Controller | Overview tab. Under Physical View, click on the Add switch button.
      TIP: For SonicOS 7.X, navigate to DEVICE | EXTERNAL CONTROLLERS | Switch Network | Overview. Under the List View tab, click on the Add switch button.

    2. Fill in all necessary information like Serial number, IP address, username, password.
    3. Select the primary management uplink and primary switch uplink as 1.
    4. Select the secondary management uplink and secondary switch uplink as 7.
    5. Select the firewall uplink as Interface X0.
    6. Click on Add.


    Configuring HA and PortShield With a Common Uplink

    In this configuration with PortShield functionality in HA mode, a link between the active/standby firewalls and the switch serves as a common uplink that carries all the port shielded traffic. Firewall interfaces that serve as PortShield hosts are connected to a separate device (not necessarily a switch), not to the switch that is connected to the active and standby units. Using this other device avoids the looping of packets for the same PortShield VLAN. The PortShield members can be connected to ports on the switch that is controlled by the active/standby firewalls.
    HA Pair Using a Common Switch Topology shows a firewall pair and two switches. The link between X3 and Switch 1 is set up as a common uplink. Similarly, the link between X2 and Switch 2 is set up as a common uplink. The PortShield hosts X0 are connected to a different switch (which could be a SonicWall switch or any other vendor’s switch) to avoid looping of packets. Ports 10 on both Switch 1 and Switch 2 are portshielded to X0, and hosts connected to Ports 10 on both switches can communicate using the common uplink.


    To set up HA with a common uplink:
    For switch 1:

    1. Navigate to MANAGE | Switch Controller | Overview tab. Under Physical View, click on the Add switch button.
       TIP: For SonicOS 7.X, navigate to DEVICE | EXTERNAL CONTROLLERS | Switch Network | Overview. Under the List View tab, click on the Add switch button.

    2. Fill in all necessary information like Serial number, IP address, username, password.
    3. Select the primary and secondary management uplink as 21.
    4. Select the firewall uplink as Interface X3.
    5. Select the primary and secondary switch uplink as 23.
    6. Click on Add.


    For switch 2:

    1. Navigate to MANAGE | Switch Controller | Overview tab. Under Physical View, click on the Add switch button.
       TIP: For SonicOS 7.X, navigate to DEVICE | EXTERNAL CONTROLLERS | Switch Network | Overview. Under the List View tab, click on the Add switch button.

    2. Fill in all necessary information like Serial number, IP address, username, password.
    3. Select the primary and secondary management uplink as 21.
    4. Select the firewall uplink as Interface X2.
    5. Select the primary and secondary switch uplink as 23.
    6. Click on Add.
