Product ManualXG-7100-1U
5. Check the boxes for each area to synchronize to the secondary node. For this guide, as with most configurations,
all boxes are checked.
6. Click Save
As a quick confirmation that the synchronization worked, on the secondary node navigate to Firewall > Rules on the
SYNC tab. The rules entered on the primary are now there, and the temporary rule is gone.
The two nodes are now linked for configuration synchronization! Changes made to the primary node in supported
areas will be synchronized to the secondary whenever a change is made.
Warning: Do not make changes to the secondary in areas set to be synchronized! These changes will be over-
written the next time the primary node performs a synchronization.
2.2.4 Add CARP VIPs
Now that the configuration synchronization is complete, the CARP Virtual IP addresses need only be added to the
primary node and they will be automatically copied to the secondary. For this demonstration, two CARP VIPs will be
added: One for WAN, and one for LAN.
1. Navigate to Firewall > Virtual IPs on the primary node.
2. Click at the top of the list to create a new VIP
3. Set Type to CARP
4. Set Interface to WAN
5. Enter the WAN CARP VIP into the IP Address(es) section Address box and pick the appropriate subnet mask.
For this example, enter 198.51.100.200 and 24 (See WAN IP Address Assignments).
6. Enter a random password in Virtual IP Password. This need only match between the two nodes, which will be
handled by synchronization.
7. Select an unused VHID Group as determined in Determine CARP VHID Availability.
Note: A common tactic is to make the VHID match the last octet of the IP address, so in this case 200 would
be chosen.
8. Set the Advertising Frequency to a Base of 1 and a Skew of 0. This value will be automatically adjusted when
it is copied to the secondary.
9. Enter a Description such as WAN CARP VIP.
10. Click Save
11. Click Apply Changes
The Base and Skew together determine how often a CARP heartbeat is sent. The value of Base adds whole seconds
and should match between the two nodes. The Skew value adds 1/256th of a second increments. The primary node
should always have a Skew of 0 or 1. The secondary node must be higher, typically 100+. That adjustment is handled
automatically by the configuration synchronization process.
Note: If CARP appears to be too sensitive to latency on a given network, adjusting the Base by adding one second at
a time is recommended until stability is achieved.
2.2. Configuring a HA Cluster 54
To Next Page
Loading...
