After HA is enabled, can the idle device be used separately?
No. After HA is configured, only one device can be in use at any one time. During failover the idle device becomes active. Two devices in HA mode cannot be used as separate SMA appliances.
What happens if we remove the HA interface cable from the devices?
If you remove the HA interface cable, then the IDLE device can be re-configured to work as a standalone. However, this causes an IP conflict, as both the primary and backup devices have the same IP configuration.
Can the HA interface settings be amended, after HA is enabled?
When HA is configured, the ‘Edit’ button for the HA interface is dimmed and disabled. So, the HA interface setting cannot be changed after the devices are in HA mode.
Can the X0, X1 and X2 interface settings be amended after HA mode is set up?
Yes. The X0, X1 and X2 interface settings can be amended on the primary device, and these new settings are copied to the backup device.
Can the synchronization status between the devices be viewed in the Secure Mobile Access management interface?
Yes. These can be viewed on the Active SMA in the Log > View page. The log message: “Finish synchronizing all data,” appears.
Is there any provision to make sure that the backup device is working correctly?
Yes. There are many messages on the Log > View page regarding active and idle device transitions.
You can check the High Availability page for the device status; one should be ACTIVE and the other is IDLE, as indicated in the image that follows:
If the LAN and WAN monitoring IP addresses are configured in the Network Monitoring Address section, the status of those interfaces is displayed.
You can also check the Network > Interfaces page for the X3 interface status, this should be “HA Link-Connected.”
Are firmware and settings synchronized to the Idle unit?
Yes. Both firmware and settings are synchronized between Active and Idle nodes. The Synchronize Firmware button allows you to synchronize firmware from the Active to the Idle unit. When settings are changed, clicking Accept synchronizes settings.
Does the HA configuration for SMA appliances differ from the HA configuration of SonicWall Inc. firewall devices?
Yes. HA configuration on a firewall is very different. Along with other items, firewall HA is also available in Active/Active state and can be assigned a virtual IP address. HA with SMA appliances is currently available only in Active/Passive mode.
How are settings applied to the Idle device?
Settings from the Active device are copied over to the Idle device as soon as HA configuration is complete. You can check the success of this in the active device logs.
What happens to the backup device settings?
The backup device settings are deleted and replaced with the primary device settings. If you wish to keep any settings from the backup device, it is recommended that you download a backup of the settings before switching to HA.
How do I view the status of the Backup unit?
On the High Availability > Settings page under Management Settings for Idle Unit section, select the Enable to Manage Idle Unit option. Select the Management Interface and type the IP address of the idle unit in the Management Address field.
Can I deploy an HA pair behind a proxy?
No. SMA appliances in an HA pair cannot be deployed behind a proxy. They communicate with the backend servers directly to download signatures and perform synchronization.