User guide
Chapter 3: Configuring Appliances for High Availability
36
High Availability Configuration Overview
Introduction Review the information in “High Availability Deployment” on page 37 before you
configure the appliance.
For more information on configuring your firewall policy, see “Configuring Firewall
Rules” on page 114.
Licensing Licensing for an HA configuration is identical to licensing for a non-HA appliance; each
individual appliance requests a single license from Site Protector (if you are using
SiteProtector to manage the appliance).
Limitations In HA mode, you cannot use adapter parameters as part of the firewall rules. You cannot
define protection domains based on adapter. Because the same traffic may flow on
different adapters in an HA environment, using adapter parameters may cause the two
HA partner appliances to become unsynchronized.
Important: In protection domain definitions, the Adapter option must be set to ‘Any’. In
constructed firewall rule definitions, you must select all adapters. In manually created
firewall rule definitions, the adapter keyword is invalid.
Proventia Manager You can view HA configurations in Proventia Manager, as well as manage policies and
updates, but ISS recommends you use SiteProtector to manage appliances in inline HA
configurations.
Note: ISS recommends that you configure both HA partner appliances to use the same
policies.
You can apply content updates and firmware updates serially so that one appliance is
always operational in order to maintain network connectivity, particularly when both
appliances are configured to fail closed.