Mettle Knowledge

Setting Up Mettle SE Stack for Active/Passive Fail-Over

Posted: 18 Jun, 2012
by: Knowledge M.
Updated: 03 Aug, 2012
by: Knowledge M.

Here we configure a fail-over stack of two Mettle SE devices, with fail-over for both the LAN and WAN interfaces.

Prerequisites:

  1. Two Mettle SE devices, Master and Slave
  2. 3 IP addresses in the local network for use on the LAN side (one is a floating IP address)
  3. 3 IP addresses in the WAN network for use on the WAN side (one is a floating IP address)
  4. 2 private IP addresses to synchronise the two Mettle SE devices
  5. One dedicated interface on each Mettle SE for synchronising (SYNC)

Configuration Steps:

Create a SYNC Interface (In both Mettle SE devices):

  1. Go to System >> Interfaces >> Interfaces Assignment. Assign a free OPT interface as the SYNC interface.
  2. Connect the SYNC interfaces of the two Mettle SE devices together with a crossover cable.
  3. Give the SYNC interfaces two unique IP addresses from a network range not used anywhere else.
  4. Create firewall rules on both Mettle SE devices to allow all traffic between the SYNC interfaces.

Configure Virtual IPs (In Master Mettle SE):

  1. Go to Tools >> Virtual Addresses >> Add New
  2. Type - select CARP
  3. Interface - select WAN
  4. IP Address(es) - enter the floating IP address reserved for WAN with the correct CIDR value
  5. Virtual IP Password - enter a password
  6. VHID Group - enter the VHID group number: 1, or 2 if this is the second CARP Virtual IP.
  7. Advertising Frequency - should be 0
  8. Description - enter a description for this set of configuration.
  9. Click on 'Save'
  10. Repeat this same procedure for LAN also, incrementing 'VHID Group'
  11. Apply Settings.

CARP configuration in Master Mettle SE:

  1. Go to System >> Mettle SE Stack

State Synchronization Settings

  1. Check 'Synchronize State'
  2. Use SYNC as 'Synchronize Interface'
  3. Enter the synchronise peer IP address

Configuration Synchronization Settings

  1. Synchronize Config to IP - Enter the IP address of the firewall to which the selected configuration sections should be synchronized.
    NOTE: Configuration sync is currently only supported over connections using the same protocol and port as this system - make sure the remote system's port and protocol are set accordingly!
    NOTE: Do not use the Synchronize Config to IP and password option on backup cluster members!
  2. Remote System Username - Enter the webConfigurator username of the system entered above for synchronizing your configuration. NOTE: Do not use the Synchronize Config to IP and username option on backup cluster members!
  3. Remote System Password - Enter the webConfigurator password of the system entered above for synchronizing your configuration. NOTE: Do not use the Synchronize Config to IP and password option on backup cluster members!
  4. Synchronize Users and Groups - When this option is enabled, this system will automatically sync the users and groups over to the other CARP host when changes are made.
  5. Synchronize Certificates - When this option is enabled, this system will automatically sync the Certificate Authorities, Certificates, and Certificate Revocation Lists over to the other CARP host when changes are made.
  6. Check 'Synchronize Rules'
  7. Check 'Synchronize Firewall Schedules'
  8. Check 'Synchronize Aliases'
  9. Check 'Synchronize NAT'
  10. Check 'Synchronize IPsec'
  11. Check 'Synchronize Wake on LAN'
  12. Check 'Synchronize Static Routes'
  13. Check 'Synchronize Load Balancer'
  14. Check 'Synchronize Virtual IPs'
  15. Check 'Synchronize Traffic Shaper'
  16. Check 'Synchronize DNS Forwarder'
  17. Synchronize to IP - Enter the IP address of the SYNC interface of slave Mettle SE
  18. Enter the WebGui password of Slave Mettle SE in 'Remote System Password'
  19. Click on 'Save'

CARP configuration in Slave Mettle SE:

  1. Go to System >> Mettle SE Stack
  2. Check 'Synchronize Enabled'
  3. Synchronise Interface - Select the SYNC interface created earlier
  4. Save


Verify Settings:

  1. Go to Monitoring >> Mettle SE >> Mettle SE Stack
  2. Master should show both Virtual IPs as MASTER
  3. Slave should show both Virtual IPs as BACKUP


Additional Settings for CARP:

NAT

  1. NAT should use CARP virtual IP address as outgoing IP address instead of WAN IP address.
  2. Edit NAT rule and change 'Translation' to CARP IP address

DHCP Master

  1. DHCP should send LAN-CARP address as DNS and GATEWAY addresses.
  2. 'Failover Peer IP' should be the real IP address of slave.

DHCP Slave

  1. DHCP should send LAN-CARP address as DNS and GATEWAY addresses.
  2. 'Failover Peer IP' should be the real IP address of Master Mettle SE.
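
The addressing rules in this article (three addresses per side with one floating, a SYNC range not used anywhere else, a different VHID group per virtual IP, NAT and DHCP pointing at the CARP addresses) can be checked before the values are entered in the web interface. The Python check below is an added example, not part of the original article or of Mettle SE; the plan layout, key names and sample addresses are constructed for illustration.

```python
import ipaddress as ipa

# Constructed sample plan (documentation/private ranges, not values from the article).
PLAN = {
    "wan": {"master": "203.0.113.2/29", "slave": "203.0.113.3/29",
            "carp": "203.0.113.4/29", "vhid": 1},
    "lan": {"master": "192.168.10.2/24", "slave": "192.168.10.3/24",
            "carp": "192.168.10.1/24", "vhid": 2},
    "sync": {"master": "172.31.255.1/30", "slave": "172.31.255.2/30"},
    "nat_translation": "203.0.113.4",
    "dhcp": {
        "master": {"gateway": "192.168.10.1", "dns": "192.168.10.1",
                   "failover_peer": "192.168.10.3"},
        "slave": {"gateway": "192.168.10.1", "dns": "192.168.10.1",
                  "failover_peer": "192.168.10.2"},
    },
}

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    errs = []
    addr = {seg: {k: ipa.ip_interface(v) for k, v in plan[seg].items() if k != "vhid"}
            for seg in ("wan", "lan", "sync")}
    for seg, ifs in addr.items():
        if len({i.network for i in ifs.values()}) != 1:
            errs.append(f"{seg}: addresses are not all in one subnet (check CIDR)")
        if len({i.ip for i in ifs.values()}) != len(ifs):
            errs.append(f"{seg}: duplicate address")
    sync_net = addr["sync"]["master"].network
    for seg in ("wan", "lan"):
        if sync_net.overlaps(addr[seg]["master"].network):
            errs.append(f"sync: range overlaps the {seg} network")
    if plan["wan"]["vhid"] == plan["lan"]["vhid"]:
        errs.append("vhid: WAN and LAN CARP VIPs need different VHID groups")
    if ipa.ip_address(plan["nat_translation"]) != addr["wan"]["carp"].ip:
        errs.append("nat: translation address is not the WAN CARP IP")
    lan_vip = addr["lan"]["carp"].ip
    for node, peer in (("master", "slave"), ("slave", "master")):
        dhcp = plan["dhcp"][node]
        for field in ("gateway", "dns"):
            if ipa.ip_address(dhcp[field]) != lan_vip:
                errs.append(f"dhcp {node}: {field} is not the LAN CARP IP")
        if ipa.ip_address(dhcp["failover_peer"]) != addr["lan"][peer].ip:
            errs.append(f"dhcp {node}: failover peer is not the {peer}'s real LAN IP")
    return errs

if __name__ == "__main__":
    for problem in check_plan(PLAN) or ["plan is consistent"]:
        print(problem)
```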