High Availability requires additional physical connections among the affected SonicWall appliances. For all modes, you need connections for HA Control and HA Data. Active/Active DPI requires an additional connection.
In any High Availability deployment, you must physically connect the LAN and WAN ports of all units to the appropriate switches.
It is important that the X0 interfaces from all units be connected to the same broadcast domain. Otherwise, traffic failover will not work. Also, X0 is the default redundant HA port; in case the normal HA Control link fails, X0 is used to communicate heartbeats between units. Without X0 in the same broadcast domain, both units would become active if the HA Control link fails.
A WAN connection to the Internet is useful for registering your appliances on MySonicWall and for synchronizing licensing information. Unless live communication with SonicWall's licensing server is not permitted due to network policy, the WAN (X1) interface should be connected before registration and licensing are performed.
SonicWall network security appliances requires the following interface link speeds for each designated HA interface:
- HA Control Interface Can be a 1GB or 10GB interface. 1GB is recommended.
NOTE: Link Aggregation and Port Redundancy are not supported for the HA Control Interface.
- HA Data Interface Can be a 1GB or 10GB interface. 10GB is recommended. The HA Control Interface and the HA Data Interface can share the same single interface. If they share a single interface, 10GB is recommended.
- Active/Active DPI Interface Can be a 1GB or 10GB interface.
Connecting the Active/Active DPI Interfaces for Active/Active DPI
For Active/Active DPI, you must physically connect at least one additional interface, called the Active/Active DPI Interface, between the two appliances in each HA pair, or Cluster Node. The connected interfaces must be the same number on both appliances, and must initially appear as unused, unassigned interfaces in the Network > Interfaces page. For example, you could connect X5 on the Primary unit to X5 on the Secondary if X5 is an unassigned interface. After enabling Active/Active DPI, the connected interface will have a Zone assignment of HA Data-Link.
Certain packet flows on the active unit are selected and offloaded to the standby unit on the Active/Active DPI Interface. DPI is performed on the standby unit and then the results are returned to the active unit over the same interface.
Optionally, for port redundancy with Active/Active DPI, you can physically connect a second Active/Active DPI Interface between the two appliances in each HA pair. This interface will take over transferring data between the two units during Active/Active DPI processing if the first Active/Active DPI Interface has a fault.
To connect the Active/Active DPI Interfaces for Active/Active DPI:
- Decide which interface to use for the additional connection between the appliances in the HA pair. The same interface must be selected on each appliance.
- In the SonicOS management interface, navigate to the Network > Interfaces page and ensure that the Zone is Unassigned for the intended Active/Active DPI Interface.
- Using a standard Ethernet cable, connect the two interfaces directly to each other.
- Optionally, for port redundancy with Active/Active DPI, physically connect a second Active/Active DPI Interface between the two appliances in each HA pair.