It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

How to Enable HA Auto-Pairing for Two Stand-Alone Firewalls and Two Control Centers

  • Last updated on

This article describes the steps to enable HA auto-pairing for two stand-alone firewalls or for two Control Centers.

The following instructions also apply to Control Centers in the same way.

Before You Begin

  • The following instructions assume that you have two new identical hardware firewall models.
  • These two firewalls must be pre-installed from the factory with firmware release 8.2.1.
  • The LAN where these two boxes are attached has the network address 10.0.0.0/24.
  • Both firewalls have a management IP that is accessible from Firewall Admin on your LAN, e.g., Firewall 1 = 10.0.0.2/32, Firewall 2 = 10.0.0.1/32. Replace these management IP addresses to match your individual requirements.
  • Ensure that you have a network cable to connect the two firewalls when instructed.

private_uplink_01.png

How to Enable HA Auto-Pairing for Two Stand-Alone Firewalls or for Two Control Centers

Step 1. (if not done already): Deploy Both Firewalls
  1. For more information, see Get Started.
  2. After finishing the deployment, go to CONFIGURATION > Configuration Tree.
Step 2. Connect the Two Firewalls with an Uplink Cable
  1. Take the network cable and plug it into port p5 on each firewall.
  2. Because HA auto-pairing is already activated on new 8.2.1 appliances, the firewalls will immediately try to establish a connection through port p5.
  3. Log into the firewall that you want to be the future primary HA firewall. In this example, we assume that the firewall with MIP 10.0.0.2 (Firewall 1) will be the primary one.
  4. Locate the serial number of your secondary firewall (Firewall 2, MIP 10.0.0.1).
  5. On your primary firewall, go to CONFIGURATION > Configuration Tree > Box > Properties > Identification.
  6. Enter the serial number from your secondary firewall in the edit field Secondary Serial Number of section Product and Model.
    auto_pairing_serial_for_secondary_entered.png
  7. Click Send Changes/Activate.
  8. The firewalls will now exchange the remaining information to complete the pairing.
  9. On your primary firewall, go to CONFIGURATION > Configuration Tree.
  10. After about 5 minutes, reload the Configuration Tree.
  11. If the configuration tree displays HA Cluster (Primary), this will indicate that your firewalls have completed HA auto-pairing.
    auto_pairing_modified_config_tree_entry.png
  12. When you inspect the configuration of interfaces and IP addresses, the related list in CONTROL > Network > Interfaces/IPs will display the "new" common MIP of the HA pair, which is now a shared IP address (here: 10.0.0.2/32, CSC), and the two IP addresses of the HA uplink (in the screenshot below, the entry 'eth3' or 'p5' depending on the firewall type), where one is the new technical MIP (169.254.128.1, mip0):
    auto_pairing_interfaces_and_ips_after_pairing.png

The following screenshot shows the HA pair after the pairing process. The assigned services on firewall 1 are now paused and will be activated during the next failover:

private_uplink_02.png