Configuring High Availability on a Gateway

Linked Diagram Template

The following procedure explains how to configure HA on a single gateway. You must perform this procedure on each UTM-1 appliance that you want to include in the HA cluster.

To configure HA on a UTM-1 appliance

Set the appliance's internal IP addresses and network range.
Each appliance must have a different internal IP address.

See Changing IP Addresses.
Click Setup in the main menu, and click the High Availability tab.
The High Availability page appears.
Select the Gateway High Availability check box.
The fields are enabled.
Next to each network for which you want to enable HA, select the HA check box.
The Internet-Primary field represents the WAN interface, and the Internet-Secondary field represents the WAN2 interface.
In the Virtual IP field, type the default gateway IP address.
This can be any unused IP address in the network, and must be the same for all gateways.

You can assign a virtual IP address to any internal interface, as well as to "LAN Static IP" Internet connections (that is, LAN connections for which the Obtain IP address automatically (using DHCP) check box is cleared).

Click the Synchronization radio button next to the network you want to use as the synchronization interface.

Note: The synchronization interface must be the same for all gateways, and must always be connected and enabled on all gateways. Otherwise, multiple appliances may become active, causing unpredictable problems.

The synchronization interface cannot be an Internet connection or a wireless interface.

Complete the fields using the information the following table.
Click Apply.
A success message appears.
If desired, configure WAN HA for both the primary and secondary Internet connection.
This setting should be the same for all gateways. For further information, see the Do not connect if this gateway is in passive state field in Using Internet Setup.
If you configured a virtual IP address for the WAN or WAN2 interface, configure the Internet connection to use the "Static IP" connection method.
See Using Internet Setup.

High Availability Page Fields

In this field…	Do this…
Priority
My Priority	Type the gateway's priority. This must be an integer between 1 and 255.
Internet Connection Tracking
Internet - Primary	Type the amount to reduce the gateway's priority if the primary Internet connection goes down. This must be an integer between 0 and 255.
Internet - Secondary	Type the amount to reduce the gateway's priority if the secondary Internet connection goes down. This must be an integer between 0 and 255. Note: This value is only relevant if you configured a backup connection. For information on configuring a backup connection, see Configuring a Backup Internet Connection.
Port Tracking
LAN1-4	Type the amount to reduce the gateway's priority if the LAN port's Ethernet link is lost. This must be an integer between 0 and 255.
DMZ	Type the amount to reduce the gateway's priority if the DMZ / WAN2 port's Ethernet link is lost. This must be an integer between 0 and 255.
When in passive state
Disable VPN	Select this option to specify that VPN connectivity should be disabled when the gateway is a Passive Gateway.
Disable OSPF	Select this option to specify that Open Shortest Path First (OSPF) dynamic routing should be disabled when the gateway is a Passive Gateway.
Disable BGP	Select this option to specify that Border Gateway Protocol (BGP) dynamic routing should be disabled when the gateway is a Passive Gateway.
Disable Wireless Transmitter	Indicates that the appliance's wireless transmitter will be disabled when the gateway is a Passive Gateway. This option only appears for wireless appliances, and it cannot be cleared.
Advanced	Select this option to specify that VPN connectivity should be disabled when the gateway is a Passive Gateway.
Group ID	If multiple HA clusters exist on the same network segment, type the ID number of the cluster to which the gateway should belong. This must be an integer between 1 and 255. The default value is 55. If only one HA cluster exists, there is no need to change this value.