Sample Implementation on Two Gateways

Linked Diagram Template

The following procedure illustrates how to configure HA for the following two UTM-1 gateways, Gateway A and Gateway B:

Gateway Details

	Gateway A	Gateway B
Internal Networks	LAN, DMZ	LAN, DMZ
Internet Connections	Primary and secondary	Primary only
LAN Network IP Address	192.169.100.1	192.169.100.2
LAN Network Subnet Mask	255.255.255.0	255.255.255.0
DMZ Network IP Address	192.169.101.1	192.169.101.2
DMZ Network Subnet Mask	255.255.255.0	255.255.255.0

The gateways have two internal networks in common, LAN and DMZ. This means that you can configure HA for the LAN network, the DMZ network, or both. You can use either of the networks as the synchronization interface.

The procedure below shows how to configure HA for both the LAN and DMZ networks. The synchronization interface is the DMZ network, the LAN virtual IP address is 192.168.100.3, and the DMZ virtual IP address is 192.168.101.3. Gateway A is the Active Gateway.

To configure HA for Gateway A and Gateway B

Connect the LAN port of Gateways A and B to hub 1.
Connect the DMZ port of Gateways A and B to hub 2.
Connect the LAN network computers of Gateways A and B to hub 1.
Connect the DMZ network computers of Gateways A and B to hub 2.
Do the following on Gateway A:
1. Set the gateway's internal IP addresses and network range to the values specified in the table above.
  See Changing IP Addresses.
2. Click Setup in the main menu, and click the High Availability tab.
  The High Availability page appears.
3. Select the Gateway High Availability check box.
  The Gateway High Availability area is enabled. The LAN and DMZ networks are listed.
4. Next to LAN, select the HA check box.
5. In the LAN network's Virtual IP field, type the default gateway IP address 192.168.100.3.
6. Next to DMZ, select the HA check box.
7. In the DMZ network's Virtual IP field, type the default gateway IP address 192.168.101.3.
8. Click the Synchronization radio button next to DMZ.
9. In the My Priority field, type "100".
  The high priority means that Gateway A will be the Active Gateway.
10. In the Internet - Primary field, type "20".
  Gateway A will reduce its priority by 20, if its primary Internet connection goes down.
11. In the Internet - Secondary field, type "30".
  Gateway A will reduce its priority by 30, if its secondary Internet connection goes down.
12. Click Apply.
  A success message appears.
Do the following on Gateway B:
1. Set the gateway's internal IP addresses and network range to the values specified in the table above.
  See Changing IP Addresses.
2. Click Setup in the main menu, and click the High Availability tab.
  The High Availability page appears.
3. Select the Gateway High Availability check box.
  The Gateway High Availability area is enabled. The LAN and DMZ networks are listed.
4. Next to LAN, select the HA check box.
5. In the LAN network's Virtual IP field, type the default gateway IP address 192.168.100.3.
6. Next to DMZ, select the HA check box.
7. In the DMZ network's Virtual IP field, type the default gateway IP address 192.168.101.3.
8. Click the Synchronization radio button next to DMZ.
9. In the My Priority field, type "60".
  The low priority means that Gateway B will be the Passive Gateway.
10. In the Internet - Primary field, type "20".
  Gateway B will reduce its priority by 20, if its Internet connection goes down.
11. Click Apply.
  A success message appears.

Gateway A's priority is 100, and Gateway B's priority is 60. So long as one of Gateway A's Internet connections is up, Gateway A is the Active Gateway, because its priority is higher than that of Gateway B.

If both of Gateway A's Internet connections are down, it deducts from its priority 20 (for the primary connection) and 30 (for the secondary connection), reducing its priority to 50. In this case, Gateway B's priority is the higher priority, and it becomes the Active Gateway.