Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

How to replace the Primary Firewall in High Availability

02/15/2022 121 People found this article helpful 98,839 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    HA Configuration:

    • Screenshot below shows a healthy HA environment with Primary FW status showing as Active and secondary FWstatus as Standby.
      Primary and secondary Stateful HA is licensed and settings are synchronized.

      Image
    • Export the current firewall settings by navigating to System | Settings and then click on the export settings button, which will be needed in the event of replacing a Primary SonicWall NGFW later in this article.

      CAUTION: Before starting the replacement procedure, plan a maintenance window and notify the affected parties about the service disruption and expected duration. Replacement of primary shouldn't take more than few minutes while new appliance take over the control and both firewalls may reboots after new appliance has been introduced into HA. 


    Resolution

    Replacement of Primary SonicWall NGFW:

    1. Disable HA on Secondary Active NGFW: In order to replace the Primary Firewall, disable the HA on the currently active (Secondary) firewall.

      Image
    2. Remove the existing Primary SonicWall NGFW and HA control and data link cables.
    3. Export the settings backup from the Secondary Firewall through System | Settings.
    4. Factory Default the Secondary Firewall and disconnect all the cables.
    5. HA has now been disabled on the Secondary SonicWall NGFW, and all HA related links showing none status, see screenshot below:

    Prepare New Primary NGFW: unpack, power up, and prepare the new Primary SonicWall NGFW by uploading the same firmware and then registering it with the License manager via an active Internet connection.

    NOTE: Connect the new primary with an Internet connection by configuring one of its WAN interfaces and accessing it via MGMT interface by connecting a PC/Laptop directly to its MGMT (management) interface using an Ethernet Patch cable or if MGMT Interface is unavailable you can use the X0 Interface and connect to 192.168.168.168

    1. Log in to the new MGMT interface by typing 192.168.1.254 (or 192.168.168.168 if connected to X0) in the web browser on the PC being used and upload same Firmware on the new Primary FW.
      1. To upload Firmware: Download it from MySonicWall web portal and click here to read about how to upload a Firmware.

    2. Register New Primary NGFW: Register the new Primary NGFW by clicking the register link from the right hand side of System | Status page and enter MySonicWall username password details.

    3. Login to MySonicWall: Log in to the MySonicWall web portal and check the new Primary SonicWall HA associations after successfully registering the firewall in the previous step.

      NOTE: Please allow some time for the device status to show green as this could take some time to display the active Green icon next to Trusted, as shown below:

      Image
    4. Check HA association on MSW:
      • Old Primary firewall with its Serial number shouldn't return any results under products on the MySonicWall web portal, because its services have been transferred to the new Primary and the old firewall has been de-registered.

      • Search for the New serial number on MySonicWall web portal and check its HA associations.

        NOTE:  If the HA association is not showing correctly then remove the existing association and create new association, click here for more information about creating HA associations. In the above case association was also updated as result of RMA service transfer. Once the association has been checked on MySonicWall web portal and showing correct NGFW serial numbers proceed to the next step. If HA association is not updating please contact Support on for further assistance.

    5. Import Settings on New Primary NGFW and verify serial numbers and HA configuration:
      • Log back into new Primary NGFW via its MGMT or X0 interface and Import the preferences which were exported in the previous steps.

      • After the new Primary firewall has been rebooted successfully with HA preferences, navigate to High Availability as shown below:

        NOTE: This Firewall is currently active and secondary status is none because this firewall is not yet placed in the HA.

        Image
      • Navigate to High Availability | Settings | and click on General Tab to confirm the HA Mode settings.
        Image
      • Navigate to High Availability | Settings | and click on HA Devices tab to confirm the serial numbers of HA Devices.

      • Navigate to High Availability | Settings | and click on HA Interfaces tab to confirm the HA interfaces.

        CAUTION: The HA configuration after importing the settings, shouldn't require any manual change unless the changes were made after exporting the settings. It is recommended to connect the HA primary and secondary NGFWs with Serial cables and save their console outputs in separate files for further analysis in the event of unforeseen incident.

    6. Connect all network cables to the Primary and verify the correct functionality of the traffic.
    7. Once confirmed that the network is up and running with the primary, reconnect all HA Cables only to the secondary firewall.
      NOTE: Make sure the secondary unit was factory defaulted as per previous steps.
    8. Wait until the secondary synchronizes the settings. restarts and the HA Status shows the Secondary in "Standby".Image
    9. Now reconnect all network cable to the secondary unit.

    TIP: If you have configured Monitoring IPs, you can now login to the Standby secondary firewall to verify and confirm its status: Image

    This concludes the replacement of a New Primary SonicWall NGFW into a HA.

     

    Related Articles

    • ‘Error sending one-time password’ encountered when connecting to NetExtender
    • Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSsp series
    • Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSA series

    Categories

    • Firewalls > TZ Series
    • Firewalls > SonicWall SuperMassive E10000 Series
    • Firewalls > SonicWall SuperMassive 9000 Series
    • Firewalls > SonicWall NSA Series
    • Firewalls > NSa Series > High Availability

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
      Scroll to top
      Trace:bc25ceab620983726ed9b9f9e3bc8474-80