In an HA setup, the primary CloudGen Firewall stays active until a serious problem occurs. If virtual servers and services must be shut down (for example, for system maintenance), you can do a manual failover to transfer all virtual servers to the secondary (backup) unit. Block the virtual server on the primary unit to shut down the Control service. The Control service will send a signal to the secondary unit that tells it to start its virtual server. Then, stop the virtual server on the primary unit to enable the Control service to restart it automatically if the secondary unit goes down. This mechanism works identically for an HA pair that is managed by a Barracuda Firewall Control Center and a stand-alone HA pair.
Perform a High Availability Failover when the Primary Unit is Active
Block the virtual server on the primary unit to shut down the Control service and initiate the failover. After the failover, start the control service for the primary firewall to be able to take over the virtual server in case of failure.
Before You Begin
- Go to DASHBOARD > Firewall and verfiy that in the Networking Services element the HA Session Sync is active and in a green state.
- On the primary firewall, go to the Control > Server page and verify the Status is primary.
- On the secondary firewall, go to the Control > Server page and verify the Status is standby. If the Status is blocked, click Stop Server.
Step 1. Block the Virtual Server on the Primary Unit
- Log into the primary unit.
- Go to the Control > Server page.
In the Server Status section, select the virtual server and click Block Server.
On the primary firewall, the virtual server Status column shows block. On the secondary firewall, the virtual server Status shows secondary.
- The virtual server is now running on the secondary firewall.
- The primary firewall is blocked and cannot take over the virtual server in case the secondary firewall fails.
Primary Firewall
Secondary Firewall
Step 2. Put the Primary Firewall in Standby
Stop the virtual server on the primary firewall to be able to take over the virtual server in case the secondary firewall fails.
- Log into the primary firewall.
- Go to CONTROL > Server.
- In the Server Status section, select the virtual server and click Stop Server.
On the primary firewall, the virtual server Status column shows down. On the secondary firewall, the virtual server Status shows secondary.
- The virtual server is still running on the secondary firewall.
- The primary firewall is ready to take over the virtual server in case the secondary firewall fails.
Primary Firewall
Secondary Firewall
Perform a High Availability Failover when the Secondary Unit is Active
To perform a manual failover when the secondary unit is active, block and stop the virtual server on the secondary unit.
Before you Begin
- On the primary firewall, go to the Control > Server page and verify the Status is down. If the Status is blocked, click Stop Server.
- On the secondary firewall, go to the Control > Server page and verify the Status is secondary.
Step 1. Block the Virtual Server on the Secondary Unit
- Log into the secondary firewall.
- Go to the Control > Server page.
In the Server Status section, select the virtual server and click Block Server.
On the secondary firewall, the virtual server Status column shows block. On the primary firewall, the virtual server Status shows primary.
- The virtual server is now running on the primary firewall.
- The secondary firewall is blocked and cannot take over the virtual server in case the primary firewall fails.
Primary Firewall
Secondary Firewall
Step 2. Put the Secondary Firewall in Standby
Stop the virtual server on the secondary firewall to be able to take over the virtual server in case the primary firewall fails.
- Log into the secondary firewall.
- Go to CONTROL > Server.
- In the Server Status section, select the virtual server and click Stop Server.
On the secondary firewall, the virtual server Status column shows standby. On the primary firewall, the virtual server Status shows primary.
- The virtual server is still running on the primary firewall.
- The secondary firewall is ready to take over the virtual server in case the primary firewall fails.
Primary Firewall
Secondary Firewall