ZyXEL Communications 1000 Manuel D’Utilisation

Page de 1075
Chapter 39 Device HA
ZyWALL USG 1000 User’s Guide
668
• Legacy mode allows for more complex relationships between the master and 
backup ZyWALLs, such as active-active or using different ZyWALLs as the 
master ZyWALL for individual interfaces. Legacy mode configuration involves a 
greater degree of complexity. Active-passive mode is recommended for general 
failover deployments.
• The ZyWALLs must all support and be set to use the same device HA mode 
(either active-passive or legacy). 
Management Access
You can configure a separate management IP address for each interface. You can 
use it to access the ZyWALL for management whether the ZyWALL is the master 
or a backup. The management IP address should be in the same subnet as the 
interface IP address. 
Synchronization
Use synchronization to have a backup ZyWALL copy the master ZyWALL’s 
configuration, signatures (anti-virus, IDP/application patrol, and system protect), 
and certificates.
Note: Only ZyWALLs of the same model and firmware version can synchronize.
Otherwise you must manually configure the master ZyWALL’s settings on the 
backup (by editing copies of the configuration files in a text editor for example).
Finding Out More
• See 
 for related information on these screens.
• See 
 for device HA background/technical information.
• See 
 for an example of using device HA.
39.1.3  Before You Begin
• Configure a static IP address for each interface that you will have device HA 
monitor. 
Note: Subscribe to services on the backup ZyWALL before synchronizing it with the 
master ZyWALL.
• Synchronization includes updates for services to which the master and backup 
ZyWALLs are both subscribed. For example, a backup subscribed to IDP/
AppPatrol, but not anti-virus, gets IDP/AppPatrol updates from the master, but 
not anti-virus updates. It is highly recommended to subscribe the master and 
backup ZyWALLs to the same services.