It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Monitoring, Managing, and Rebuilding HA Clusters

  • Last updated on

Manage configuration updates and monitoring for your HA clusters. Configuration changes on the primary unit are transferred instantly to the secondary unit. The sync status can be viewed from Barracuda Firewall Admin. If the primary unit fails, configuration changes must be made on the secondary unit. After the primary unit is re-established, synchronization must be started manually.

Check the Services Status

  • On the primary and secondary unit:
    • Go to CONTROL > Services.
    • Verify that the status of the PRIMARY is Active and the status of the SECONDARY is Standby.

HA_state_down_secondary_01.png

When the primary unit goes down, both units change their state accordingly:

HA_state_up_secondary_01.png

HA Sync Status Setup

  1. Go to CONFIGURATION.
  2. Expand the State Info drop-down menu in the upper-right corner and click HA Sync.
    HA_monitoring_01.png
  3. In the HA Box Synchronization window, you have the option to trigger the following tasks:
    • Do Update Performs an incremental update.
    • Do Complete Update Performs a complete update.
    • Discard Update Discards the changes. This is needed when the two HA partners are in an inconsistent state.
    • Refresh – Refreshes the window to see actual changes (completion of update).

    ha_sync.png

This function is deactivated if the HA system is managed by a Barracuda Firewall Control Center. You can trigger HA box synchronization only via the Configuration Update page on the Control Center. For more information, see CC Configuration Updates.

Emergency Override

If the primary unit fails, configuration changes must be made on the secondary unit using the Emergency Override mode.

  1. Log into the secondary unit.
  2. From the Configuration Tree, right-click Box (Backup) and select Emergency Override.
    em_ovr.png
  3. When prompted, click Yes to enable the Emergency Override mode. When the Emergency Override mode is active, the box icon is highlighted in yellow.

    The Emergency Override mode is activated only for the current session. It must be reactivated for every new session.

  4. Lock and edit your configurations.

  5. Click Send Changes and Activate.

Manually Synchronize a Stand-Alone HA Pair

In Emergency Override mode, manually synchronize configurations from the secondary unit to the primary unit. After the connection to the primary unit is re-established, synchronization must be restarted manually. The following steps assume that services are still active on the secondary unit.

  1. On the primary unit, go to CONFIGURATION.
  2. From the service bar, expand the State Info icon and click HA Sync.
    HA_monitoring_01.png
  3. Select the Clear Dirty Status button.

    A restart of the Control Service or the CC-Conf Service can cause HA synchronization disruption. The synchronization process stops with the following error message:
    HA sync pending PAR ready (13223 kb) COMPLETE update; Can't send PAR file: - SYNC DIRTY: refuse PAR file: box itself has a pending HA update.

    In case of disruption, the .par file used in the synchronization process is not deleted from the file system in the final step. This disturbs the following synchronization process. Use the button Clear Dirty Status in the HA Sync window to restart HA sync.

  4. Open the Configuration Tree on the secondary unit and click HA Sync.
  5. Enter the IP addresses of the HA partners into the IP address fields of the HA Box Synchronization window.
  6. Click Do Update to transfer the configuration from the secondary unit to the primary unit.
  7. Enter the IP address of the primary unit into the HA Partner IP field.
  8. Enter the IP address of the secondary unit into the Sender IP to use field.
  9. Select the Change Address check boxes to the right of both fields.
  10. Click Do Complete Update.
  11. Block services on the secondary unit so that the primary unit can regain normal operation status.

Configure IP Address and Service Monitoring

To enable handling of failure conditions and to guarantee a quick takeover of services when a box or networking component becomes unavailable, configure the monitoring of IP addresses and services.

For more information, see HA-Monitoring .