Bill H
asked on
sonicwall nsa2400 active/passive failover
Hey guys,
We have one current SonicWall NSA 2400 firewall that's running. I have a second NSA 2400 I'd like to add now and configure as the passive firewall. Can someone walk me through it?
Thanks!
Hi,
It is a lengthy process: you have to do all the configuration on the ASA firewall, then enable failover on the firewall and configure it. The configuration should be as follows:
Inside Network
ASA#config t
ASA(Config-t)#inside network
ASA(Config-t)#nameif inside
ASA(config-t)#security-level 100 (As it is inside network by default)
Outside Network
ASA#config t
ASA(Config-t)#outside network
ASA(Config-t)#nameif outside
ASA(config-t)#security-level 0 (As it is outside network by default)
If there is any DMZ network then as below :
ASA#config t
ASA(Config-t)#DMZ network
ASA(Config-t)#nameif DMZ
ASA(config-t)#security-level 50 (As it is DMZ network by default)
Once the above configuration is done, one has to define an access list so the inside network can communicate with the outside network and vice versa. Once done with the interface configuration, one has to configure failover on the ASA firewall: first enable failover, then configure failover in 2 states, Active and Passive.
Check whether the failover was successful by typing the command below:
sh failover status
It will show as active and standby not configured.
Now go to the other ASA and repeat the same steps above. Once failover is configured, a message will be sent to ASA1 from ASA2: failover successful. Once you see this message, you can confirm that failover was successfully configured on ASA1 and ASA2, and it shows the status as Failover in Active state on both ASA1 and ASA2 and Standby waiting.
You can try the above steps for configuring failover on the ASA. I have just given a rough idea of how to configure failover on the ASA; you are supposed to enter the IP addresses and then update the configuration on the ASA.
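An active/standby pair in Cisco ASA syntax, the platform the answer above describes, as an added example that is not part of the original answer. The interface names, the addresses (documentation ranges) and the key are placeholders chosen for illustration.

```cisco
! Added example: interface names, addresses and the key are placeholders.
!
! --- Unit that will be primary (ASA1) ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0 standby 198.51.100.2
 no shutdown
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
 no shutdown
! Dedicated failover interface: it carries no nameif of its own.
interface GigabitEthernet0/3
 no shutdown
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/3
! Reuse the same link for stateful connection replication.
failover link FOLINK GigabitEthernet0/3
failover interface ip FOLINK 203.0.113.1 255.255.255.252 standby 203.0.113.2
! Shared key protects failover traffic, which includes the replicated
! configuration; without it that traffic crosses the link in clear text.
failover key <shared-secret-placeholder>
failover
!
! --- Second unit (ASA2): failover bootstrap; the rest replicates ---
interface GigabitEthernet0/3
 no shutdown
failover lan unit secondary
failover lan interface FOLINK GigabitEthernet0/3
failover interface ip FOLINK 203.0.113.1 255.255.255.252 standby 203.0.113.2
failover key <shared-secret-placeholder>
failover
!
! --- Verify from either unit ---
show failover
```

The `standby` address on each data interface is what the standby unit answers on for monitoring; keep the failover link on a dedicated interface or VLAN so replicated configuration never shares a segment with user traffic.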