Sonicwall HA Pair Provisioning – Lessons Learned

Recently a company i work for shut down our physical data center and migrated our servers to AWS.
This was good news for me as a network engineer. This meant I now had an extra set of Sonicwall NSA 3600’s with High Availability (HA) licenses.
I decide to use the HA pair as my primary firewalls for my local office.
There are a few lessons i learned while processioning the systems that i thought might come in handy to someone else in the same situation.

Steps taken to prepare the firewalls:
1. Upgrade the operating system (OS).
– current version was 6.1.1.2 upgraded to 6.2.7.1 then upgraded to 6.5.1.2 (I really like the improved look of 6.5)
2. Download the setting from our current office sonicwall NSA 3600 and upload to both HA units separately.
3. Configure the ha pair settings and interfaces.
4. Connect the HA interfaces with a crossover cable. (yes you have to use a crossover cable. the interfaces are not smart enough to change the wiring)
5. Test Failover.

This is where i ran into problems. The HA interfaces where not talking to each other.
I tried swapping cables, rebooting, redo the HA settings,  nothing would get the systems to talk to each other.
When i uploaded the origanal setting that worked in the data center, the HA communication worked.
When i uploaded the setting from my firewall, the HA communication would not work?
The only thing i could think of is my firewall was running version 6.2.7.1 and the upgrade was running version 6.5.1.2.
Maybe something does not transfer when taking the setting from an older OS version.

How i solved the issue.

I decided to downgrade the system by re-uploading the software of version 6.2.7.1, boot to the software version,
then upload my firewall setting from my office firewall, configure the HA settings and interface, connecting the HA interface.
The HA failover and communication worked.

OK, so now i go through the upgrade steps again! I upgraded each system separeately.
1. Upload the software 6.5.1.2
2. Boot to the new software.
3. Check the HA settings to make sure they are correct.
4. Connect the HA interfaces. Yep, lights are blinking now.
5. The web gui shows an election going on for primary and standby
6. Test HA functionality.

Yes it worked. Failover worked. Traffic failover worked.
Time to install and run as my new office Firewalls with HA failover.

I hope this might help someone dealing with Sonicwall HA firewalls.

Was this article helpful?

Related Articles

Leave A Comment?

You must be logged in to post a comment.