Chapter 41 Device HA
ZyWALL/USG Series User’s Guide
708
41.2 Device HA General
Active-Passive Mode
• Active-passive mode lets a backup ZyWALL/USG take over if the master ZyWALL/USG fails.
• The ZyWALL/USGs must be set to use the same Device HA mode (active-passive).
Management Access
You can configure a separate management IP address for each interface. You can use it to access
the ZyWALL/USG for management whether the ZyWALL/USG is the master or a backup. The
management IP address should be in the same subnet as the interface IP address.
Synchronization
Use synchronization to have a backup ZyWALL/USG copy the master ZyWALL/USG’s configuration,
signatures (anti-virus, IDP/application patrol, and system protect), and certificates.
Note: Only ZyWALL/USGs of the same model and firmware version can synchronize.
Otherwise you must manually configure the master ZyWALL/USG’s settings on the backup (by
editing copies of the configuration files in a text editor for example).
Finding Out More
•See Section 41.6 on page 719 for Device HA background/technical information.
41.2.1 Before You Begin
• Configure a static IP address for each interface that you will have Device HA monitor.
Note: Subscribe to services on the backup ZyWALL/USG before synchronizing it with the
master ZyWALL/USG.
Synchronization includes updates for services to which the master and backup ZyWALL/USGs are
both subscribed. For example, a backup subscribed to IDP/AppPatrol, but not anti-virus, gets IDP/
AppPatrol updates from the master, but not anti-virus updates. It is highly recommended to
subscribe the master and backup ZyWALL/USGs to the same services.
The Configuration > Device HA General screen lets you enable or disable Device HA, and
displays which Device HA mode the ZyWALL/USG is set to use along with a summary of the
monitored interfaces.
Click on the icons to go to the OneSecurity.com website where there is guidance on configuration
walkthroughs, troubleshooting, and other information.
To Next Page
Loading...
