Solved

Experience with Active/Active Clustering on Sonicwall NSA Firewalls

Posted on 2014-07-25
3
1,055 Views
Last Modified: 2014-07-28
Does anyone have any experience with running a pair of SonicWall's in an Active/Active Configuration?

We are thinking of adding another unit to make a pair to add extra performance with our new internet connection while adding some redundancy.

Does it work well?
How is the failover/failback?
Do you get close to the combined throughput of both units?
Any gotchas?
0
Comment
Question by:PerimeterIT
  • 2
3 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40221584
Can you please describe your current setup including model numbers and bandwidth information? Also which security packages on the sonicwall you use and any other firewall/Ids/gav/etc devices.
0
 
LVL 1

Author Comment

by:PerimeterIT
ID: 40222050
We have a pair of NSA 3500's with the HA license.
Its for a 1gb/s sync internet connection, expecting 2500 simultaneous connections.

This is a temporary project, and throughput is essential. We have disabled IPS and all scanning functionality. Security wise we are happy with a basic firewall/NAT.
0
 
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40222108
I assume you have see this:
http://www.sonicwall.com/downloads/SonicOS_5.6.5_Active-Active_Clustering.pdf

My personal experience doesn't get into active active clusters but I will say that sonicwall performance is 1/2 of stated in all cases I've experienced e.g. if it can handle 500mbps up and 500mbps down they state that as 1gbps.
The isd throughput is also 1/2 again (so 1/4 of stated)  in default high/medium/low threat detection. To get back up to 1/2 of stated you have to switch to "performance mode" which doesn't look for low value threats.

Anyway the point of all this is You may not get 1gbps up and down even with two 3500s in a cluster.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now