It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Perform a Manual High Availability Failover

  • Last updated on

In an HA setup, the primary CloudGen Firewall stays active until a serious problem occurs. If virtual servers and services must be shut down (for example, for system maintenance), you can do a manual failover to transfer all virtual servers to the secondary (backup) unit. Block the virtual server on the primary unit to shut down the Control service. The Control service will send a signal to the secondary unit that tells it to start its virtual server. Then, stop the virtual server on the primary unit to enable the Control service to restart it automatically if the secondary unit goes down. This mechanism works identically for an HA pair that is managed by a Barracuda Firewall Control Center and a stand-alone HA pair.

Perform a High Availability Failover when the Primary Unit is Active

Block the virtual server on the primary unit to shut down the Control service and initiate the failover. After the failover, start the control service for the primary firewall to be able to take over the virtual server in case of failure.

Before You Begin
  • Go to DASHBOARD > Firewall and verfiy that in the Networking Services element the HA Session Sync is active and in a green state.
    db_fwl_05.png
  • On the primary firewall, go to the Control > Server page and verify the Status is primary.
    ha_manual_failover_9.png
  • On the secondary firewall, go to the Control > Server page and verify the Status is standby. If the Status is blocked, click Stop Server.
    ha_manual_failover_10.png
Step 1. Block the Virtual Server on the Primary Unit
  1. Log into the primary unit.
  2. Go to the Control > Server page.
  3. In the Server Status section, select the virtual server and click Block Server.
    ha_manual_failover_01.png

On the primary firewall, the virtual server Status column shows block. On the secondary firewall, the virtual server Status shows secondary.

  • The virtual server is now running on the secondary firewall.
  • The primary firewall is blocked and cannot take over the virtual server in case the secondary firewall fails.

Primary Firewall

ha_manual_failover_02.png

Secondary Firewall

ha_manual_failover_02a.png

Step 2. Put the Primary Firewall in Standby

Stop the virtual server on the primary firewall to be able to take over the virtual server in case the secondary firewall fails.

  1. Log into the primary firewall.
  2. Go to CONTROL > Server.
  3. In the Server Status section, select the virtual server and click Stop Server.

    ha_manual_failover_04.png

On the primary firewall, the virtual server Status column shows down. On the secondary firewall, the virtual server Status shows secondary.

  • The virtual server is still running on the secondary firewall.
  • The primary firewall is ready to take over the virtual server in case the secondary firewall fails.

Primary Firewall

ha_manual_failover_04a.png

Secondary Firewall

ha_manual_failover_03.png

Perform a High Availability Failover when the Secondary Unit is Active

To perform a manual failover when the secondary unit is active, block and stop the virtual server on the secondary unit.

Before you Begin
  • On the primary firewall, go to the Control > Server page and verify the Status is down. If the Status is blocked, click Stop Server.
    ha_manual_failover_04a.png
  • On the secondary firewall, go to the Control > Server page and verify the Status is secondary.

    ha_manual_failover_03.png

Step 1. Block the Virtual Server on the Secondary Unit
  1. Log into the secondary firewall.
  2. Go to the Control > Server page.
  3. In the Server Status section, select the virtual server and click Block Server.
    ha_manual_failover_5.png

On the secondary firewall, the virtual server Status column shows block. On the primary firewall, the virtual server Status shows primary.

  • The virtual server is now running on the primary firewall.
  • The secondary firewall is blocked and cannot take over the virtual server in case the primary firewall fails.

Primary Firewall

ha_manual_failover_6.png

Secondary Firewall

ha_manual_failover_7.png

Step 2. Put the Secondary Firewall in Standby

Stop the virtual server on the secondary firewall to be able to take over the virtual server in case the primary firewall fails.

  1. Log into the secondary firewall.
  2. Go to CONTROL > Server.
  3. In the Server Status section, select the virtual server and click Stop Server.
    ha_manual_failover_8.png

On the secondary firewall, the virtual server Status column shows standby. On the primary firewall, the virtual server Status shows primary.

  • The virtual server is still running on the primary firewall.
  • The secondary firewall is ready to take over the virtual server in case the primary firewall fails.

Primary Firewall

ha_manual_failover_9.png

 Secondary Firewall

ha_manual_failover_10.png