HA Setup in a live environment
I'm new to the community and coming back to SonicWALLs after not using them for many years. The company I work for now has them deployed in multiple locations (site-to-site VPNs). I've just set up 2 new locations. Both have TZ series SonicWALLs (2 per location) and I would like to set up an HA configuration. I would have liked to have this set up before the sites went live, but licensing got delayed and we were on a time crunch to get them up and running. My question is this: Has anyone successfully set up HA in a live environment? Should there be any kind of network interruption expected? I'm thinking of doing it after hours, but if possible I would like to do it during.
I've also read some conflicting reviews saying that both SonicWalls need to be identical, but have also heard from someone that the secondary would get sync'd from the primary once I paired them up.
Any first-hand experience on this would be greatly appreciated!
TX_IT Enthusiast ✭✭
From the KB here:
CAUTION: If the secondary contains any configuration, please do a factory reset: Reset the firewall to factory default settings when the firewall is accessible and after the reset, disable the PortShield.
I've always deployed HA pairs into prod at the same time, but the same thing applies... the secondary firewall will get its config from the primary unit. Personally, I would plan on doing it after-hours... I can't remember if the primary firewall will also reboot as a part of the process to bring HA up.
TKWITS Community Legend ✭✭✭✭✭
I've never done it 'live' in a production environment, but IIRC the primary does not reboot if everything is set up correctly. If there is a misconfiguration with regard to link monitoring, you may inadvertently cause a failover, which will cause the primary to reboot.
So the big question then is: do you have redundant ports available from both the uplink and downlink devices? If you do not, that means you'd have to implement one during HA setup, which would cause an outage...
TX_IT Enthusiast ✭✭
Oh and post-implementation, I'd always recommend testing HA by taking each firewall offline one at a time to verify everything is still up... something that would obviously best be done after-hours.
To me, it's worth the peace of mind to know you've tested it. I do that for all server, storage, switching, power, etc. deployments that have redundancy to verify I didn't make a mistake during the install.
Thanks for that, TX_IT. Yeah, I've read through those steps a few times and it seems pretty straightforward. The question is though, does the network stay up while this is happening, lol. But I do agree with you, better to be safe than sorry and do this after hours. I'll see how the first one goes, then I'll make a decision based on that. I was just curious if anyone has some first-hand experience saying that it does NOT bring down the network.
Thanks for the advice, guys!