User guide
Overview
Chapter 8: Configuring High Availability 281
Chapter 8
This chapter describes how to configure High Availability (HA) for two or more
Safe@Office appliances.
This chapter includes the following topics:
Overview .................................................................................................. 281
Configuring High Availability on a Gateway ........................................... 284
Sample Implementation on Two Gateways .............................................. 289
Overview
You can create a High Availability (HA) cluster consisting of two or more Safe@Office
appliances. For example, you can install two Safe@Office appliances on your network,
one acting as the “Master”, the default gateway through which all network traffic is routed,
and one acting as the “Backup”. If the Master fails, the Backup automatically and
transparently takes over all the roles of the Master. This ensures that your network is
consistently protected by a Safe@Office appliance and connected to the Internet.
The gateways in a HA cluster each have a separate IP address within the local network. In
addition, the gateways share a single virtual IP address, which is the default gateway
address for the local network. Control of the virtual IP address is passed as follows:
1. Each gateway is assigned a priority, which determines the gateway's role: the
gateway with the highest priority is the "Active Gateway" and uses the virtual
IP address, and the rest of the gateways are "Passive Gateways".
2. The Active Gateway sends periodic signals, or “heartbeats”, to the network via
a synchronization interface.
The synchronization interface can be any internal network or bridge existing on both
gateways, except the WAN interface and the primary WLAN.
3. If the heartbeat from the Active Gateway stops (indicating that the Active
Gateway has failed), the gateway with the highest priority becomes the new
Active Gateway and takes over the virtual IP address.
Configuring High Availability