We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure a Private Uplink for a High Availability Cluster

  • Last updated on

After setting up an HA cluster, you can also configure a private uplink to safeguard against failure of the switch connecting the two HA units. For the private uplink, you must configure a network (at least 2-bit) as a subnet and configure the NextGen Firewall F-Series to use this connection to send the HA sync packets.

HA-private_uplink.png

Before You Begin

  • Barracuda Networks recommends directly connecting both firewalls with a crossover cable for the private uplink.
  • A /30 network is required. E.g., 172.16.16.0/30

Step 1. Define the Alternative HA IP Address for the Primary Firewall

  1. Log into the primary NextGen Firewall F-Series.
  2. Go to CONFIGURATION > Configuration Tree > Box > Network.
  3. Click Lock.
  4. In the left menu, expand the Configuration Mode section and click Switch to Advanced View.
  5. Click +  to add the private IP address as an Additional Local IP. The IP Address Configuration window opens.
    • Interface Name Select the interface the crossover cable is connected to. 
    • IP Address – Enter the Alternative HA IP address for the unit. E.g., 172.16.16.1
    • Associated Netmask – Select /30
    • Responds to Ping – Set to yes
    • Management IP – Set to yes
    Private_Uplink_01.png
  6. Click OK.
  7. Click Send Changes and Activate.

Step 2. Define the Alternative HA IP Address for the Secondary Firewall

  1. Log into the primary NextGen Firewall F-Series.
  2. Go to CONFIGURATION > Configuration Tree > Box > HA Box > HA Network.
  3. Click Lock.
  4. Click +  to add the private IP as an Additional Local IP.
  5. Enter a Name and click OK. The IP Address Configuration window opens.
    • Interface Name Select the interface the crossover cable is connected to. 
    • IP Address – Enter the Alternative HA IP address for the unit. E.g., 172.16.16.2 for the secondary unit.
    • Associated Netmask – Select /30
    • Responds to Ping – Set to yes
    • Management IP – Set to yes.
    Pirvate_Uplink_02.png
  6. Click OK.
  7. Click Send Changes and Activate.

Step 3. Activate the Private Uplink

For the HA sync to work over the private link, you must associate the private link IPs with the corresponding management IP addresses.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Control.
  2. Click Lock.
  3. In the HA Monitoring Parameters section, add entries for the primary unit and secondary unit:
    • Translated HA IP – Enter the management IP address E.g., 10.0.10.20 for the primary unit 
    • Alternative HA IP – Enter the additional local network IP of the unit. E.g., 172.16.16.1 for the primary unit
    • Usage Policy – Select Use Both to send the HA sync and heartbeat over both the management IP link and the private uplink. Alternatively, select Use Alternative only to only use the private uplink.
    Private_Uplink_02.png
    Private_Uplink_03.png
  4. Click OK.
  5. Click Send Changes and Activate.

Private_Uplink_04.png

Step 4. Add the Alternative HA IP Address to the ACL List

To grant administrative access rights for Alternative HA IP address usage, add the Alternative HA IP address to the ACL list.

  1. Go to CONFIGURATION > Configuration Tree > Box > Administrative Settings.
  2. Click Lock.
  3. In the Access Control List section, add the /30 network containing the alternative HA IP addresses.
    Private_Uplink_05.png
  4. Click Send Changes and Activate.

Step 5. Activate the Network Configuration

Activate the network configuration on the primary and secondary NextGen Firewall F-Series.

  1. Go to CONTROL > Box.
  2. In the menu, expand Network and click Activate new network configuration.
    Standalone_HA_06.png
  3. Select Failsafe as the activation mode.
Last updated on