SonicWALL 5.8.1 Manuale Utente

In the Primary IP Address field, enter the unique LAN management IP address of the Primary 
unit.

In the Backup IP Address field, enter the unique LAN management IP address of the Backup 
unit.

Select the Allow Management on Primary/Backup IP Address checkbox. When this option 
is enabled for an interface, a green icon appears in the interface’s Management column in the 
Monitoring Settings table on the High Availability > Monitoring page. Management is only 
allowed on an interface when this option is enabled.

In the Logical Probe IP Address field, enter the IP address of a downstream device on the 
LAN network that should be monitored for connectivity. Typically, this should be a downstream 
router or server. (If probing is desired on the WAN side, an upstream device should be used.) 
The Primary and Backup appliances will regularly ping this probe IP address. If both can 
successfully ping the target, no failover occurs. If neither can successfully ping the target, no 
failover occurs, because it is assumed that the problem is with the target, and not the 
SonicWALL appliances. But, if one appliance can ping the target but the other appliance 
cannot, failover will occur to the appliance that can ping the target.

The Primary IP Address and Backup IP Address fields must be configured with independent 
IP addresses on a LAN interface, such as X0, (or a WAN interface, such as X1, for probing on 
the WAN) to allow logical probing to function correctly.

Optionally, to manually specify the virtual MAC address for the interface, select Override 
Virtual MAC and enter the MAC address in the field. The format for the MAC address is six 
pairs of hexadecimal numbers separated by colons, such as A1:B2:C3:d4:e5:f6. Care must be 
taken when choosing the Virtual MAC address to prevent configuration errors. 

When the Enable Virtual MAC checkbox is selected on the High Availability> Advanced 
page, the SonicOS firmware automatically generates a Virtual MAC address for all interfaces. 
Allowing the SonicOS firmware to generate the Virtual MAC address eliminates the possibility 
of configuration errors and ensures the uniqueness of the Virtual MAC address, which prevents 
possible conflicts.

Click OK.

To configure monitoring on any of the other interfaces, repeat the above steps.

When finished with all High Availability configuration, click Accept. All settings will be 
synchronized to the Idle unit automatically.

Once you finish configuring the High Availability settings on the Primary SonicWALL security 
appliance and click the Accept button, the Primary will automatically synchronize the settings 
to the Backup unit, causing the Backup to reboot. You do not need to click the Synchronize 
Settings button. 

Later, when you click Synchronize Settings, it means that you are initiating a full manual 
synchronization and the Backup will reboot after synchronizing the preferences. You should 
see a HA Peer Firewall has been updated message at the bottom of the management 
interface page. Note that the regular Primary-initiated synchronization (automatic, not manual) 
is an incremental sync, and does not cause the Backup to reboot.

By default, the Include Certificate/Keys setting is enabled. This specifies that Certificates, 
CRLs and associated settings (such as CRL auto-import URLs and OCSP settings) are 
synchronized between the Primary and Backup units. When Local Certificates are copied to the 
Backup unit, the associated Private Keys are also copied. Because the connection between the 
Primary and Backup units is typically protected, this is generally not a security concern.