Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

HA Firewall NSA-3600 and Portchannel comutation problem.

Dears, good morning.

I need help with my sonickwall NSA-3600.

I have a Scenario in which I have port-channel configured and then I need to monitor the physical ports and when all physical ports are status down the HA of the sownickwall should switch to the secondary sonickwall in the active/standby scenario. What happens is that when the first physical port of the port-channel drops, the HA already switches to the secondary box. Then I found the option in HA that must be macarda and that informs that the active box should only switch when there are no physical ports raised in the port channel, but even marked it doesn't work, when one of the ports falls the sonickwall switches to the second box. Could someone let me know if this is a bug or if it is confguration. My version of SonickOS 6.2.5.3-35n.

Category: Firewall Security Services
Reply

Answers

  • SaravananSaravanan Moderator

    Hi @TIAGO_ZACARIAS_1,

    Thank you for visiting SonicWall Community.

    I guess this is an expected behavior because there is something called link weight that is calculated for each and every physical/virtual interfaces. If the link weight of one of the HA pairs becomes more than the other one, the HA failover happens to the one that has more weight.

    Hope this clarifies.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Good morning Colleague, I understand what you are saying, but how can I change this behavior and manipulate the weight, since today I want the HA switching to occur only when there is no physical link in the active box's portchannel.

  • SaravananSaravanan Moderator

    Hi @TIAGO_ZACARIAS_1,

    AFAIK, the behavior cannot be changed as this is by design.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Good night classmate,


    I'm not understanding but then the option Active / Standby Failover only ALL aggregated links are disabled in the advanced tab if marked for will not work in any case?


    I have a Redundant Link Network Design in which I need that when there is only no physical link left in the aggregation the active box becomes standby.


    In my understanding I only have in this case the benefit of aggregation when I have the two links working at the same time with the sum of the bands.

  • SaravananSaravanan Moderator

    Hi @Tiago_Zacarias_1,

    I haven't tried this option Active/Standby Failover only when ALL aggregate links are down. When I read the theory part, seems like the option suits your scenario. It was my bad. Appreciate your finding.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Easy my dear,


    So now we are on the same page lined up I need to know if this option in HA in the Advanced tab should be working and if this is a bug in the version I have scenery with Nexus vPC and multiple port-channel link to NSA-3600 than in mine understanding when one of the links falls, the traffic through that port-channel still has to continue flowing through the same Firewall box and through the remaining physical link. This is the question whether the option works or is it a bug in my version?


    Version: SonickOS 6.2.5.3-35n

  • SaravananSaravanan Moderator

    Hi @TIAGO_ZACARIAS_1,

    With the option enabled, when one of the links fails, the traffic through that port-channel still has to continue flowing through the same Firewall box and through the remaining physical links.

    If this is not happening, this can be a regression. I see your SonicWall appliance is on an older firmware version. Please get the HA pairs up and running on the latest general release firmware version and then we can test.

    If the issue still persists even after the firmware upgrade, please have the issue reported to our support team to check for possible bugs if any.


    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Sign In or Register to comment.