Netgate XG-7100-1U - System Software and Hardware Installation

To Next Page

To Previous Page

Product ManualXG-7100-1U

For example, the WAN ports of each node must connect to the same WAN switch, which then connects to the WAN

CPE/Modem/Upstream link. The LAN ports would all connect to the same LAN switch, and so on. The Sync

interface may be connected directly between the two nodes without a switch. See Example High Availability Cluster

for an example connection layout.

2.2 Conﬁguring a HA Cluster

Note: The WAN and LAN should be conﬁgured to static addresses prior to conﬁguring a HA Cluster. Please see

High Availability Prerequisites for IP address details.

This is the heart of the process, making the changes that will link the systems and allow them to function together.

2.2.1 Setup Sync Interface

Before proceeding, the Sync interfaces on the cluster nodes must be conﬁgured. Sync IP Address Assignments lists the

addresses to use for the Sync interfaces on each node.

1. Navigate to Interfaces and choose the interface to use on the SYNC port

2. Check Enable Interface

3. Enter SYNC for the Description

4. Set IPv4 Conﬁguration Type to Static IPv4

5. Set IPv4 address to 172.16.1.2 when conﬁguring the primary node, or 172.16.1.3 when conﬁguring

the secondary node

6. Select 24 for the subnet mask in the CIDR drop-down next to IPv4 address

7. Do not check Block private networks or Block bogon networks

8. Click Save

9. Click Apply Changes

Once that procedure has been completed on the primary node, perform it again on the secondary node with the

appropriate IPv4 address value. Remember they must be the same on both nodes.

After conﬁguring the sync interface, the interface assignments should have one labeled SYNC.

Add Firewall Rules for Synchronization

To complete the Sync interface conﬁguration, ﬁrewall rules must be added to both nodes to allow synchronization.

At a minimum, the ﬁrewall rules must pass the conﬁguration synchronization trafﬁc (by default, HTTPS on port 443)

and pfsync trafﬁc. In most cases, a simple “allow all” style rule is used. For this guide, both will be shown and it will

also serve as an indicator that synchronization is working.

On the primary node:

Set up a rule to allow conﬁguration synchronization:

1. Navigate to Firewall > Rules on the SYNC tab

2. Click at the top of the list to create a new rule

2.2. Conﬁguring a HA Cluster 51

Other manuals for Netgate XG-7100-1U