Ingram TS/Licensing FAQ

Licensing and FAQ for SHD Vendors

    TZ High Availability Licensing



    Posts : 17
    Join date : 2015-05-13

    TZ High Availability Licensing

    Post by daniel.kremers on Mon May 18, 2015 11:45 am

    High Availability requires one SonicWALL device configured as the Primary SonicWALL, and an identical SonicWALL device configured as the Backup SonicWALL. During normal operation, the Primary SonicWALL is in an Active state and the Backup SonicWALL in an Idle state. When a failure on the Primary SonicWALL occurs, the Backup SonicWALL transitions to Active mode and assumes the configuration and role of Primary. The failover applies to loss of functionality or network-layer connectivity on the Primary SonicWALL.

    SonicWALL security appliance configuration is performed on only the Primary SonicWALL, with no need to perform any configuration on the Backup SonicWALL. The Backup SonicWALL contains a real-time mirrored configuration of the Primary SonicWALL via a dedicated Ethernet link. If the firmware configuration becomes corrupted on the Primary SonicWALL, the Backup SonicWALL automatically refreshes the Primary SonicWALL with the last-known-good copy of the configuration preferences.

    High Availability pairs share a single set of security services licenses. These licenses are synchronized between the active and passive appliances in the same way that all other information is synchronized between the two appliances. For information on security service license synchronization, see the SonicWALL High Availability License Synchronization feature module, which is available at

    SonicWALL Stateful High Availability-
    The original version of SonicOS Enhanced provided a basic High Availability feature where a backup firewall assumes the interface IP addresses of the configured interfaces when the primary unit fails. Upon failover layer 2 broadcasts are issued (ARP) to inform the network that the IP addresses are now owned by the backup unit. All pre-existing network connections must be rebuilt. For example, Telnet and FTP sessions must be re-established and VPN tunnels must be renegotiated.

    Stateful High Availability (SHA) provides dramatically improved failover performance. The primary and backup appliances are continuously synchronized so that the backup can seamlessly assume all network responsibilities if the primary appliance fails, with no interruptions to existing network connections



    Posts : 17
    Join date : 2015-05-13

    Re: TZ High Availability Licensing

    Post by daniel.kremers on Tue Jun 09, 2015 3:23 pm

    Active/Standby—Active/Standby mode provides basic high availability with the configuration of two identical
    firewalls as a High Availability Pair. The Active unit handles all traffic, while the Standby unit shares its
    configuration settings and can take over at any time to provide continuous network connectivity if the Active
    unit stops working. By default, Active/Standby mode is stateless, meaning that network connections and VPN
    tunnels must be re-established after a failover. To avoid this, Stateful Synchronization can be licensed and
    enabled with Active/Standby mode. In this Stateful HA mode, the dynamic state is continuously synchronized
    between the Active and Standby units. When the Active unit encounters a fault condition, stateful failover
    occurs as the Standby firewall takes over the Active role with no interruptions to the existing network

      Current date/time is Mon Jan 21, 2019 4:10 pm