Solved

Experience with Active/Active Clustering on Sonicwall NSA Firewalls

Posted on 2014-07-25
Last Modified: 2014-07-28
Does anyone have any experience with running a pair of SonicWalls in an Active/Active configuration?

We are thinking of adding another unit to make a pair to add extra performance with our new internet connection while adding some redundancy.

Does it work well?
How is the failover/failback?
Do you get close to the combined throughput of both units?
Any gotchas?
Question by:PerimeterIT
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40221584
Can you please describe your current setup, including model numbers and bandwidth information? Also, which security packages on the SonicWall do you use, and any other firewall/IDS/GAV/etc. devices?
LVL 1

Author Comment

by:PerimeterIT
ID: 40222050
We have a pair of NSA 3500s with the HA license.
It's for a 1gb/s sync internet connection, expecting 2500 simultaneous connections.

This is a temporary project, and throughput is essential. We have disabled IPS and all scanning functionality. Security-wise, we are happy with a basic firewall/NAT.
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40222108
I assume you have seen this:
http://www.sonicwall.com/downloads/SonicOS_5.6.5_Active-Active_Clustering.pdf

My personal experience doesn't get into active/active clusters, but I will say that SonicWall performance is 1/2 of stated in all cases I've experienced, e.g. if it can handle 500mbps up and 500mbps down they state that as 1gbps.
The isd throughput is also 1/2 again (so 1/4 of stated) in default high/medium/low threat detection. To get back up to 1/2 of stated you have to switch to "performance mode", which doesn't look for low value threats.

Anyway, the point of all this is you may not get 1gbps up and down even with two 3500s in a cluster.