It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

How to Enable HA Auto-Pairing for Two Managed Firewalls

  • Last updated on

HA auto-pairing lets you extend a managed firewall to an HA pair of managed boxes. As of firmware release 8.2.1, HA auto-pairing is enabled by default and now supports automated pairing of managed firewalls. If you are using an earlier firmware release, you should not use the auto-pairing feature. Instead, apply the PAR file.

Before You Begin

  • Ensure you are familiar with the basic concept of HA auto-pairing. For more information, see HA Auto-Pairing.
  • Ensure your managed firewall has firmware 8.3.0 or higher and that the HA auto-pairing feature is enabled by default.
  • Ensure that both firewalls are connected via the private uplink cable on the HA port. For more information, see HA Auto-Pairing.

Enable HA Auto-Pairing for Two Managed Firewalls

Step 1 (Only for Virtual Appliances) Activate the HA Auto-Pairing Feature on Both Boxes

You can omit the following steps on hardware appliances because HA auto-pairing is already enabled.

  1. Log into your primary/(secondary) firewall.
  2. Go to CONFIGURATION > Configuration Tree > Box > Network.
  3. In the left menu bar, select Automatic HA Pairing.
  4. Click Lock.
  5. In the section Automatic HA Pairing, set Enable Automatic HA Pairing to yes.
  6. Select the interface from the list HA physical interface.
    enable_auto_pairing.png
  7. Click Send Changes/Activate.
  8. Repeat the previous steps on the secondary firewall.
Step 2. Create a DHA Configuration on the Primary Firewall
  1. On the primary firewall, go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes > your primary box.
  2. Right-click Box and select Create Secondary Box.
    ha_auto_pairing_create_secondary_box.png
Step 3. Add the Secondary Serial Number on the Primary Firewall
  1. Log into the primary firewall.
  2. Go to CONFIGURATION > Configuration Tree > Box > Properties > Identification.
  3. Click Lock.
  4. In the section Product and Model, enter the serial number of the secondary firewall in the field Secondary Serial Number.
  5. Click Send Changes/Activate.
    enter_serial_number.png
Step 4. On the Primary Firewall, Set the Management IP of the Secondary Firewall
  1. On the primary firewall, go to CONFIGURATION > Configuration Tree > Box > Network > IP Configuration.
  2. In the section Management Network and IPs, enter the management IP of the secondary firewall in the field Secondary Management IP.
    ha_auto_pairing_enter_secondary_mip.png
  3. Click Send Changes/Activate.
Step 5. Initiate a Network Activation on the Primary Firewall
  1. Log into your primary firewall.
  2. Go to CONTROL > Box > Network and click Activate new network configuration to initiate a network activation on the primary firewall.

 

Wait until the pairing is completed. You can also inspect the log-files box_Config.log and box_Control_daemon.log for details. You can identify all entries caused by HA auto-pairing by the prefix [AutoPairing].