Looking for a device or technique that can facilitate failover between 2 Sonicwall's (different models).

Hello, we have a Sonicwall NSA3500 and 1 high speed connection to our main office and are thinking about adding an NSA4600 and bumping the speed on our primary connection. And adding another connection and using the 3500 as a failover. So being that we can't use Sonicwall's purchased failover plan because it requires 2 identical firewall's we are wondering what techniques we might have available to us. How about the internal Sonicwall failover or a 3rd party hardware failover device (have seen a few of these - any recommendations would be welcome). A hot failover technique would be preffered.
Thanks in advance for any help or ideas.
540beemerAsked:
Who is Participating?
 
carlmdCommented:
The NSA3500 is obsolete and replaced by the NSA3600.

I suggest you consider upgrading the NSA3500 to a NSA4600 via Secure Upgrade Plus. The approximate cost for this is $6,600 with 2 year CGSS.

A second NSA4600 HA unit is about $3,150.

Not cheap, but the way to go.
0
 
N-WCommented:
From a cost perspective, you're better off purchasing another NSA3500. The internal Sonicwall failover/loadbalancing is for redundant WAN connections, not redundant firewalls.

If you were to buy a hardware failover device, that device itself would be a single point of failure which would defeat the purpose.

If you've already got an NSA3500 with high availability license, an additional NSA3500 really makes sense in this situation.
0
 
540beemerAuthor Commented:
OK, N-W, well.. I'm not that worried about cost just the best way, and in my experience the internet circuit  goes down much more frequently than the sonicwall and we have 2 independent circuits. So I want to be able to use the slower circuit and the 3500 to do offsite backups etc, and the 4600 to be the primary business circuit. If the primary circuit goes down however, I want to be able to switch over to the 3500 and at least provide service - even if a little slower. I have seen some devices Ecessa is one, that you can do exactly this on (inbound and outbound failover) but the folks I dealt with their weren't very friendly.. so my quest continues..
I do know that sonicwall provides a simple form of failover in all os-enh's but if I can find one that doesn't have to be manually changed out it would be my preferrence..
btw.. we did have a prolonged outage and we simply took the 4600 out of line and replaced it with a 3600 (which it replaced to begin with) with the exact same config. and it worked fine.
Cheers.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
540beemerAuthor Commented:
Thanks Carlmd - I already have a 4600 and to be honest it seems like sonicwall now dell has developed a way to sell more firewalls.. so I have a 3500 for 4 years and replace it with a 4600 and the 3500 just sits there. If you have like firewall's with like features, why wouldn't they let you run it even if you had to scale it back to basic services. something like the ecessa would cost about the same as a 4600.. ahh but next time I buy a new sonicwall I won't have to buy 2 (and for 10 locations). But if anyone has a better idea, I would love it..
cheers.
0
 
N-WCommented:
If you want automatic failover/loadbalancing for both of your internet connections, then just a single Sonicwall can achieve this. You just need to setup both WAN connections on the Sonicwall, put them in a load balancing group and ensure your main internet connection is set as the primary. With this setup, if a WAN link goes down it will automatically switch over to the other WAN link.

If you would like to achieve the above, plus high availability for the actual firewall itself, then you'll need to setup two identical Sonicwalls in an HA config and put a switch in between your WAN CPE and the Sonicwalls' WAN ports.
0
 
carlmdCommented:
Unfortunately Sonicwall makes the rules and has the ability to force the issue that only two identical Sonicwalls will do HA. Since you already have a 4600, then you could purchase a second HA unit for the $3,150. I doubt that anything else you might put together using other equipement would be cheaper, and probably not work as well.

Obvioulsy your other choice is to do exactly what you did, that is simply replace the 4600 with the 3500 should it fail. The manual HA option!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.