...
Info |
---|
TCP connections are tracked via Connection Tracking and are synchronized to the Slave Firewall. However UTM functions such as IDS/IPS cannot be synchronized. Thus after a roll change all existing connections, which are scanned by a UTM function, are interrupted. |
Hinweis |
---|
The IP address range used for the "Cluster Interconnect" must not be used elsewhere (e.g. for the local network). Otherwise this will lead to routing problems! |
Requirements:
- LANCOM R&S®Unified Firewall with LCOS FX as of version 10.3
- Two Unified Firewalls of the same model as of UF-200
- The same firmware version has to be installed on both Unified Firewalls
- One Unified Firewall license
- The configuration on the Master Firewall has to be complete
- At least one free Ethernet port on both devices
- The Gratuitous ARP of the Slave Firewall has to be transmitted by the switch in the local network
- Web browser for configuring the Unified Firewall.
The following browsers are supported:- Google Chrome
- Chromium
- Mozilla Firefox
...
- Initial Role: Select the option Master.
- HA Interface: In the dropdown-menu select a free Ethernet port to be used for the synchronization between the two Unified Firewalls (in this example the port eth3).
- Local IP: Assign an IP address in CIDR format (Classless Inter Domain Routing) for the Master Firewall. This IP address respectively this network must not be used elsewhere in the configuration.!
- Remote IP: Assign an IP address from the same network as the Local IP to the Slave Firewall. IP addresses in another network cannot be used.
...