How to access the secondary Firewall TZ600?
Security_1234
Newbie ✭
Hello everybody,
I am very new to SonicWall and in general to firewall configuration. I have a small problem with a TZ600 secondary firewall. I would like to configure my secondary with a different IP but can't access it (I have 2 from the same ISP). Both of them are running OK and the HA is configured.
My questions are:
Am I doing this properly, or am I missing something?
Can I configure the secondary with a separate line from the same ISP? (dotted line from the scheme)
How can I access the secondary to configure it?
My configuration is like this:
Many thanks in advance
Category: Entry Level Firewalls
Answers
Hello @Security_1234,
Welcome to SonicWall community.
When two devices are configured in HA, they have identical physical and logical configuration. So, if X1 is configured with IP1 on the primary device, so will the X1 interface on the secondary device. They share identical IP addresses on each interface.
For management purposes, we have an option to assign separate IP addresses to each of the firewalls so that both of them can be managed independently. You would need to assign a usable IP to each of the firewalls and enable management to access them. In this KB below, it is explained for the LAN interface, but the same applies to the WAN interface as well.
Please go through it and if you have any additional questions, please let us know.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hello @shiprasahu93
Thank you for the fast response. Thank you for the documentation, everything is configured as in there. My follow-up question is: Do I need a second line with the same IP on the ISP router, for the backup firewall, and one for the LAN?
Thanks
@Security_1234,
Yes, the physical connections should be identical on both primary and secondary firewalls. Please take a look at the topology diagram for HA environments in the KB below.
So, the dotted line in your diagram should be connected, and that is how both devices will share a common IP for ISP1. By using the monitoring settings, you can reserve an IP each for management purposes for the firewalls.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
That is exactly what I have done. The only problem is that the "dotted line" is the 2nd IP from the ISP and because of that they don't share the same public IP (it will be XXX.XXX.XXX.250 for the primary and XXX.XXX.XXX.251 for the secondary).
@Security_1234,
So, physical connection-wise, the dotted line is correct. You would then need to go to the High Availability -> Monitoring Settings tab and set the monitoring IP for that interface to be XXX.XXX.XXX.251. So, when you put XXX.XXX.XXX.251 in the browser, it will take you to the login screen for the secondary device. Once you successfully log in to the device, you would still see the shared IP on that interface though.
E.g.: the X1 IP is configured as 1.1.1.1, and 1.1.1.2 and 1.1.1.3 are the monitoring IP addresses for the primary and secondary devices respectively. When I put 1.1.1.1 in the browser, it takes me to the active unit, whether it is the primary or the secondary device. But if I put 1.1.1.3 in the browser, it will always take me to the secondary device irrespective of its status. So, in the Network -> Interfaces section you would see the shared IP, 1.1.1.1, for the secondary device, but it can also be accessed using 1.1.1.3.
I hope that helps.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services