We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Monitoring, Managing, and Rebuilding HA Clusters

  • Last updated on

Manage configuration updates and monitoring for your HA clusters. Configuration changes on the primary unit are transferred instantly to the secondary unit. The sync status can be viewed from Barracuda Firewall Admin. If the primary unit fails, configuration changes must be made on the secondary unit. After the primary unit is re-established, synchronization must be started manually.

Check the Virtual Server HA Status

Check the server status on both HA units to verify that the virtual server has been assigned correctly.

  1. On the primary unit:
    • Go to CONTROL > Server.
    • In the Server Status table, verify that the Status column displays primary and the Status HA Partner column displays standby. The virtual server status color must be green.
  2. On the secondary unit:
    • Go to CONTROL > Server.
    • In the Server Status table, verify that the Status column displays standby and the Status HA Partner column displays primary

When the primary unit goes down, the secondary unit changes the Status column to secondary:

Primary Unit Active Secondary Unit Inactive
HA_state_up_primary.png HA_state_down_secondary.png
Primary Unit Virtual Server Blocked Secondary Unit Active
Standalone_HA_state_prim_blocked.png HA_state_up_secondary.png

HA Sync Status Setup

  1. Go to CONFIGURATION.
  2. Expand the State Info dropdown in the upper right-hand corner and click HA Sync.
    HA_monitoring_01.png
  3. In the HA Box Synchronization window you have the option to trigger the following tasks:
    • Do Update Performs an incremental update.
    • Do Complete Update Performs a complete update.
    • Discard Update Discards the changes. This is needed when the two HA partners are in an inconsistent state.
    • Refresh – Refreshes the window to see actual changes (completion of update).

    ha_sync.png

This function is deactivated if the HA system is managed by a Barracuda Firewall Control Center. You can only trigger HA box synchronization via the Configuration Update page on the Barracuda Firewall Control Center. For more information, see CC Configuration Updates

Emergency Override

If the primary unit fails, configuration changes must be made on the secondary unit using the Emergency Override mode.

  1. Log into the secondary unit.
  2. From the Configuration Tree, right-click Box (Backup) and select Emergency Override.
    em_ovr.png
  3. When prompted, click Yes to enable the Emergency Override mode. When the Emergency Override mode is active, the box icon is highlighted in yellow.

    The Emergency Override mode is activated only for the current session. It must be reactivated for every new session.

  4. Lock and edit your configurations.

  5. Click Send Changes and Activate.

Manually Synchronize a Standalone HA Pair

In Emergency Override mode, manually synchronize configurations from the secondary unit to the primary unit. After the connection to the primary unit is re-established, synchronization must be re-started manually. The following steps assume that services are still active on the secondary unit.

  1. On the primary unit, go to CONFIGURATION.
  2. From the service bar, expand the State Info icon and click HA Sync.
    HA_monitoring_01.png
  3. Select the Clear Dirty Status button.

    A restart of the Control Service or the CC-Conf Service can cause HA synchronization disruption. The synchronization process stops with the following error message:
    HA sync pending PAR ready (13223 kb) COMPLETE update; Can't send PAR file: - SYNC DIRTY: refuse PAR file: box itself has a pending HA update.

    In case of disruption, the .par file used in the synchronization process is not deleted from the file system in the final step. This disturbs the following synchronization process. Use the button Clear Dirty Status in the HA Sync window, to restart HA sync.

  4. Open the Configuration Tree on the secondary unit and click HA Sync.
  5. Enter the IP addresses of the HA partners into the IP address fields of the HA Box Synchronization window.
  6. Click Do Update to transfer the configuration from the secondary unit to the primary unit.
  7. Enter the IP address of the primary unit into the HA Partner IP field.
  8. Enter the IP address of the secondary unit into the Sender IP to use field.
  9. Select the  Change Address check boxes to the right of both fields.
  10. Click Do Complete Update.
  11. Block services on the secondary unit so that the primary unit can regain normal operation status.

Configure IP Address and Service Monitoring

To enable handling of failure conditions and to guarantee a quick takeover of services when a box or networking component becomes unavailable, configure the monitoring of IP addresses and services on the Virtual Server layer.

For more information, see Virtual Server Monitoring.

Last updated on