Configuring Active/Standby High Availability Settings
The configuration tasks on DEVICE | High Availability > Settings are performed on the Primary firewall and then are automatically synchronized to the Secondary firewall.
To configure Active/Standby
Navigate to DEVICE | High Availability > Settings.
In GENERAL SETTINGS section, do the following:
select Active / Standby from the Mode drop-down field.
Select Enable Stateful Synchronization. This option is not selected by default.
When Stateful High Availability is not enabled, session state is not synchronized between the Primary and Secondary firewalls. If a failover occurs, any session that had been active at the time of failover needs to be renegotiated.
Click OK in the information dialog displayed.
To configure the High Availability Pair so that the Primary firewall takes back the Primary role when it restarts after a failure, select Enable Preempt Mode. This option is not selected by default.
It is recommended that preempt mode be disabled when enabling Stateful High Availability because preempt mode can be over-aggressive about failing over to the Secondary firewall.
Select Enable Virtual MAC to allow the Primary and Secondary firewalls to share a single MAC address. This greatly simplifies the process of updating network ARP tables and caches when a failover occurs. This option is not selected by default.
If PPPoE Unnumbered is configured, you must select Enable Virtual MAC.
Only the switch to which the two firewalls are connected needs to be notified. All outside devices continue to route to the single shared MAC address.
To encrypt HA control communication between the active and standby firewalls, select Enable Encryption for Control Communication. This option is not selected by default.
Firewall performance may be affected if you choose encryption.
A confirmation message displays:
In the HA DEVICES section, enter the Serial Number of the SECONDARY DEVICE.
The serial number for the Primary Device is displayed, but the field is dimmed and cannot be edited.
In the HA INTERFACES section:
Select the interface for the HA Control Interface.
This option is dimmed and the interface displayed if the firewall detects that the interface is already configured.
Select the interface for the HA Data Interface.
When finished with all High Availability configuration, click Accept. All settings are synchronized to the Secondary firewall, and the Secondary firewall reboots.