Overview

You can create a High Availability (HA) cluster consisting of two or more UTM-1 appliances. For example, you can install two UTM-1 appliances on your network, one acting as the "Master", the default gateway through which all network traffic is routed, and one acting as the "Backup". If the Master fails, the Backup automatically and transparently takes over all the roles of the Master. This ensures that your network is consistently protected by a UTM-1 appliance and connected to the Internet.

The gateways in a HA cluster each have a separate IP address within the local network. In addition, the gateways share a single virtual IP address, which is the default gateway address for the local network. Control of the virtual IP address is passed as follows:

Each gateway is assigned a priority, which determines the gateway's role: the gateway with the highest priority is the "Active Gateway" and uses the virtual IP address, and the rest of the gateways are "Passive Gateways".
The Active Gateway sends periodic signals, or "heartbeats", to the network via a synchronization interface.
The synchronization interface can be any internal network or bridge existing on both gateways, except the WAN interface.
If the heartbeat from the Active Gateway stops (indicating that the Active Gateway has failed), the gateway with the highest priority becomes the new Active Gateway and takes over the virtual IP address.
When a gateway that was offline comes back online, or a gateway's priority changes, the gateway sends a heartbeat notifying the other gateways in the cluster.
If the gateway's priority is now the highest, it becomes the Active Gateway.

The UTM-1 appliance supports Internet connection tracking, which means that each appliance tracks its Internet connection's status and reduces its own priority by a user-specified amount, if its Internet connection goes down. If the Active Gateway's priority drops below another gateway's priority, then the other gateway becomes the Active Gateway.

Note: You can force a fail-over to a passive UTM-1 appliance. You may want to do this in order to verify that HA is working properly, or if the active UTM-1 appliance needs repairs. To force a fail-over, switch off the primary box or disconnect it from the LAN network.

The UTM-1 appliance supports configuring multiple HA clusters on the same network segment. To this end, each cluster must be assigned a unique ID number.

When HA is configured, you can specify that only the Active Gateway in the cluster should connect to the Internet. This is called WAN HA, and it is useful in the following situations:

Your Internet subscription cost is based is on connection time, and therefore having the Passive appliances needlessly connected to the Internet costs you money.
You want multiple appliances to share the same static IP address without creating an IP address conflict.

WAN HA avoids an IP address change, and thereby ensures virtually uninterrupted access from the Internet to internal servers at your network.

On the other hand, you might prefer to keep Passive Gateways connected to the Internet at all times, so that they can download updates from the Service Center and be accessible for remote management, even when not acting as the Active Gateway. In this case, you must assign a virtual IP address to the WAN interface. Each Passive Gateway will remain constantly connected to the Internet using its WAN interface's primary IP address, while remaining on standby to take over the WAN virtual IP address, in the event that the Active Gateway fails. If desired, you can configure a WAN virtual IP address for the WAN2 interface, as well.

Note: To use a WAN virtual IP address, the Internet connection method must be "Static IP". PPP-based connections and dynamic IP connections are not supported.

Before configuring HA, the following requirements must be met:

You must have at least two identical UTM-1 appliances.
The appliances must have identical firmware versions and firewall rules.
The appliances' internal networks and bridges must be the same.
The appliances must have different real internal IP addresses, but share the same virtual IP address.
The appliances' synchronization interface ports must be connected either directly, or via a hub or a switch. For example, if the DMZ is the synchronization interface, then the DMZ/WAN2 ports on the appliances must be connected to each other.
The synchronization interface need not be dedicated for synchronization only. It may be shared with an active internal network or bridge.

You can configure HA for the WAN interface, for any bridge, and for any internal network except wireless networks and the OfficeMode network.

Note: You can enable the DHCP server in all UTM-1 appliances. A Passive Gateway's DHCP server will start answering DHCP requests only if the Active Gateway fails.

Note: If you configure HA for the primary WLAN network:

A passive appliance's wireless transmitter will be disabled until the gateway becomes active.
The two primary WLAN networks can share the same SSID and wireless frequency.
Wireless interfaces cannot serve as the synchronization interface.