SonicOS/X 7 High Availability

Configuring Advanced High Availability Settings

To configure advanced settings

  1. Log in as an administrator to the SonicOS Management Interface on the Master Node, that is, on the Virtual Group1 IP address (on X0 or another interface with HTTP management enabled).
  2. Navigate to DEVICE | High Availability > Settings.

  3. Optionally adjust the Heartbeat Interval to control how often the Security Appliances in the Active/Active cluster communicate. This setting applies to all units in the Active/Active cluster. The default is 1,000 milliseconds (1 second), the minimum value is 1,000 milliseconds, and the maximum is 300000.

    SonicWall recommends that you set the Heartbeat Interval to at least 1000.

    You can use higher values if your deployment handles a lot of network traffic. Lower values may cause unnecessary failovers, especially when the Security Appliance is under a heavy load.

    This timer is linked to the Failover Trigger Level (missed heartbeats) timer.

  4. Set the Failover Trigger Level to the number of heartbeats that can be missed before failing over. This setting applies to all units in the Active/Active cluster. The default is 5, the minimum is 4, and the maximum is 99.

    This timer is linked to the Heartbeat Interval timer. If the Failover Trigger Level is set to 5 and the Heartbeat Interval is set to 10000 milliseconds (10 seconds), it takes 50 seconds without a heartbeat before a failover is triggered.

  5. Set the Probe Interval to the interval, in seconds, between probes sent to specified IP addresses to monitor that the network critical path is still reachable. This interval is used in logical monitoring for the local HA pair. The default is 20 seconds, and the allowed range is 5 to 255 seconds.

    SonicWall recommends that you set the interval for at least 5 seconds.

    You can set the Probe IP Address(es) on DEVICE | High Availability > Advanced. See Monitoring High Availability.

  6. Set the Probe Count to the number of consecutive probes before SonicOS concludes that the network critical path is unavailable or the probe target is unreachable. This count is used in logical monitoring for the local HA pair. The default is 3, and the allowed range is 3 to 10.
  7. Set the Election Delay Time to the number of seconds the Primary Security Appliance waits to consider an interface up and stable. The default is 3 seconds, the minimum is 3 seconds, and the maximum is 255 seconds.

    This timer is useful with switch ports that have a spanning-tree delay set.

  8. Set the Dynamic Route Hold-Down Time to the number of seconds the newly-active Security Appliance keeps the dynamic routes it had previously learned in its route table. The default value is 45 seconds, the minimum is 0 seconds, and the maximum is 1200 seconds (20 minutes).

    The Dynamic Route Hold-Down Time setting is displayed only when the Advanced Routing Modeoption is selected on NETWORK | System > Dynamic Routing > Settings.

    In large or complex networks, a larger value may improve network stability during a failover.

    This setting is used when a failover occurs on a High Availability pair that is using either RIP or OSPF dynamic routing. During this time, the newly-active appliance relearns the dynamic routes in the network. When the Dynamic Route Hold-Down Time duration expires, SonicOS deletes the old routes and implements the new routes it has learned from RIP or OSPF.

  9. If you want Failover to occur only when ALL aggregate links are down, select Active/Standby Failover only when ALL aggregate links are down. This option is not selected by default.
  10. To have the appliances synchronize all certificates and keys within the HA pair. select Include Certificates/Keys. This option is selected by default.
  11. (Optional) To synchronize the SonicOS preference settings between your primary and secondary HA firewalls, click Synchronize Settings.

  12. (Optional) To synchronize the firmware version between your primary and secondary HA firewalls, click Synchronize Firmware.
  13. (Optional) To test the HA failover functionality is working properly by attempting an Active/Standby HA failover to the secondary Security Appliance, click Force Active/Standby Failover.
  14. When finished with all High Availability configuration, click Accept. All settings are synchronized to the Secondary Security Appliance or to other units in the cluster.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.