User manual
The heartbeat mechanism is discussed below in more depth in Section 11.2, “HA Mechanisms”.
Cluster Management
An HA Cluster of two NetDefend Firewalls is managed as a single unit with a unique cluster name
which appears in the management interface as a single logical NetDefend Firewall. Administration
operations such as changing rules in the IP rule set are carried out as normal with the changes
automatically being made to the configurations of both the master and the slave.
Load-sharing
D-Link HA clusters do not provide load-sharing since only one unit will be active while the other is
inactive and only two NetDefend Firewalls, the master and the slave, can exist in a single cluster.
The only processing role that the inactive unit plays is to replicate the state of the active unit and to
take over all traffic processing if it detects the active unit is not responding.
Hardware Duplication
D-Link HA will only operate between two NetDefend Firewalls. As the internal operation of
different firewall manufacturer's software is completely dissimilar, there is no common method
available to communicating state information to a dissimilar device.
It is also strongly recommended that the NetDefend Firewalls used in cluster have identical
configurations. They must also have identical licenses which allow identical capabilities including
the ability to run in an HA cluster.
Extending Redundancy
Implementing an HA Cluster will eliminate one of the points of failure in a network. Routers,
switches and Internet connections can remain as potential points of failure and redundancy for these
should also be considered.
Licensing
HA requires that the NetDefendOS licenses in both the master and slave units have their HA
parameter set to enabled. HA will not function at all if either or both units in a cluster are operating
in the 2 hour demonstration mode. NetDefendOS enters demonstration mode automatically if no
valid license at all is present.
11.1. Overview Chapter 11. High Availability
423










