Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure a Private Uplink for a HA Cluster

After setting up an HA cluster, you can also configure a private uplink to safeguard against failure of the switch connecting the two HA units. For the private uplink, you must configure a 2-bit (/30) network as a subnet and configure the NextGen Firewall F-Series to send the HA sync packets over this connection.

Before You Begin

  • Barracuda Networks recommends directly connecting both firewalls with a crossover cable for the private uplink.
  • A /30 network. E.g., 172.16.16.0/30

Step 1. Define Alternative HA IP Address for the Primary Unit

  1. Log into the primary NextGen Firewall F-Series.
  2. Go to CONFIGURATION > Configuration Tree > Box > Network.
  3. Click Lock.
  4. In the left menu, expand the Configuration Mode section and click Switch to Advanced View.
  5. Click + to add the private IP address as an Additional Local IP. The IP Address Configuration window opens.
    • Interface Name – Select the interface the crossover cable is connected to.
    • IP Address – Enter the Alternative HA IP address for the unit. E.g., 172.16.16.1
    • Associated Netmask – Select /30
    • Responds to Ping – Set to yes
    • Management IP – Set to yes
  6. Click OK.
  7. Click Send Changes and Activate.

Step 2. Define Alternative HA IP Address for the Secondary Unit

  1. Log into the primary NextGen Firewall F-Series.
  2. Go to CONFIGURATION > Configuration Tree > Box > HA Box > HA Network.
  3. Click Lock.
  4. In the left menu, expand the Configuration Mode section and click Switch to Advanced View.
  5. Click + to add the private IP as an Additional Local IP. The IP Address Configuration window opens.
    • Interface Name – Select the interface the crossover cable is connected to.
    • IP Address – Enter the Alternative HA IP address for the unit. E.g., 172.16.16.2 for the secondary unit.
    • Associated Netmask – Select /30
    • Responds to Ping – Set to yes
    • Management IP – Set to yes
  6. Click OK.
  7. Click Send Changes and Activate.

Step 3. Activate Network Configuration

Activate the network configuration.

  1. Go to CONTROL > Box.
  2. In the menu, expand Network and click Activate new network configuration.
  3. Select Failsafe as the activation mode.

Step 4. Activate the Private Uplink

For the HA sync to work over the private link, you must associate the private link IPs with the corresponding management IP addresses.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Control.
  2. Click Lock.
  3. In the HA Monitoring Parameters section, add entries for the primary unit and secondary unit:
    • Translated HA IP – Enter the management IP address. E.g., 10.0.10.20 for the primary unit
    • Alternative HA IP – Enter the additional local network IP of the unit. E.g., 172.16.16.1 for the primary unit
    • Usage Policy – Select Use Both to send the HA sync and heartbeat over both the management IP link and the private uplink. Alternatively, select Use Alternative only to only use the private uplink.
  4. Click OK.
  5. Click Send Changes and Activate.

Step 5. Add the Alternative HA IP to the ACL List

To grant administrative access rights for Alternative HA IP address usage, add the Alternative HA IP address to the ACL list:

  1. Go to CONFIGURATION > Configuration Tree > Box > Administrative Settings.
  2. Click Lock.
  3. In the Access Control List section, add the /30 network containing the alternative HA IP addresses.
  4. Click Send Changes and Activate.

Step 6. Activate Network Configuration on the Primary and Secondary NextGen Firewall F-Series

Activate the network configuration on the primary and secondary NextGen Firewall F-Series.

  1. Go to CONTROL > Box.
  2. In the menu, expand Network and click Activate new network configuration.
  3. Select Failsafe as the activation mode.
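
The addressing plan used in the steps above can be checked before it is entered on the firewalls. The following is an added example, not Barracuda code: the function name check_private_uplink is hypothetical, and the secondary management IP 10.0.10.21 and the ACL entry 10.0.10.0/24 are constructed sample values.

```python
import ipaddress

def check_private_uplink(uplink_net, alt_ips, mgmt_ips, acl_entries):
    """Return a list of problems in a planned HA private-uplink addressing plan.

    alt_ips / mgmt_ips: dicts keyed by "primary" and "secondary".
    acl_entries: networks listed in the box Access Control List.
    """
    try:
        # strict=True rejects a host address written as a network (e.g. .1/30)
        net = ipaddress.ip_network(uplink_net, strict=True)
    except ValueError as exc:
        return [f"uplink network is invalid: {exc}"]
    problems = []
    if net.prefixlen != 30:
        problems.append(f"{net} is not a /30 network")

    # For a /30 these are the two addresses between network and broadcast.
    usable = set(net.hosts())
    acl = [ipaddress.ip_network(e, strict=False) for e in acl_entries]
    for unit in ("primary", "secondary"):
        alt = ipaddress.ip_address(alt_ips[unit])
        mgmt = ipaddress.ip_address(mgmt_ips[unit])
        if alt not in usable:
            problems.append(f"{unit}: Alternative HA IP {alt} is not a usable host in {net}")
        if mgmt in net:
            # The Translated HA IP must be the management address, not an uplink address.
            problems.append(f"{unit}: management IP {mgmt} lies inside the uplink network")
        if not any(alt in entry for entry in acl):
            problems.append(f"{unit}: {alt} is not covered by any ACL entry")
    if alt_ips["primary"] == alt_ips["secondary"]:
        problems.append("both units use the same Alternative HA IP")
    return problems

# Constructed sample plan: page examples plus assumed values (see lead-in).
PLAN = {
    "uplink_net": "172.16.16.0/30",
    "alt_ips": {"primary": "172.16.16.1", "secondary": "172.16.16.2"},
    "mgmt_ips": {"primary": "10.0.10.20", "secondary": "10.0.10.21"},
    "acl_entries": ["10.0.10.0/24", "172.16.16.0/30"],
}

if __name__ == "__main__":
    for line in check_private_uplink(**PLAN) or ["plan is consistent"]:
        print(line)
```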