GajShield Knowledge Base


How to configure HA on your firewalls

In this document, we will guide you through the configuration of HA on your firewalls.

Note: For every port that we configure on HA, we need 3 IP addresses.

Log in to the firewall and go to Configuration → HA.

Enter the following information:

Email ID To: The ID to which mail will be sent whenever the Master firewall goes down.

Email ID From: The ID from which mail will be sent.

SMTP server IP: The IP address of the SMTP server.

Router Type: The mode in which the firewall will be configured, that is, either MASTER mode or BACKUP mode.

Note: First, we need to configure the Master firewall, and then we can configure the Backup firewall.

HA Configuration: Select the mode in which you want to configure HA, either active–active or active–passive.

Advertising Interval: The time after which the advertisement will be broadcast by the master (i.e., the time after which the MASTER firewall will multicast a VRRP request asking whether any other firewall has a higher priority).

From the Available Interface list, select the interfaces that need to be configured under HA. The HA service will then monitor whether these interfaces are UP or DOWN.

Now, click the ADD button. This will add the HA information to the firewall.

After you click the ADD button, you are asked to enter the virtual IP for the interfaces you selected during configuration.

You can enter multiple virtual IPs, separated by commas (e.g. 10.0.0.2, 10.0.0.3), and then click the UPDATE button. After that, you can synchronize the second firewall using the synchronization interface.

Now, log in to the other firewall and apply the same steps from 1 to 6, except that the other firewall must be configured in the opposite mode to that of the first one. (That is, if the first firewall is MASTER, then the second must be BACKUP, and vice versa.)

The Synchronization table for the firewall configured in Backup mode will look like this.

Configure the sync interface on both firewalls, then go to Definitions → Host and create a host on the Master firewall for the Backup firewall IP, and vice versa.

Create a rule on the Master firewall to sync it with the Backup firewall. The rule will be as shown below:

On the Backup firewall, select the Master firewall host in the Master host drop-down in the synchronization table.

Select the synchronization interface in the firewall Synchronization interface drop-down and then click the Sync button.

After the Sync button is clicked, it will give you the following message: “Waiting for Master to synchronize”.

Once the Backup firewall is synchronized, you can follow the same steps on the Master firewall. After the synchronization process has completed successfully, it will show the following message on the Master firewall:

The Backup firewall message will be as follows:

After synchronization, you can modify any configuration value. If you want to modify values, then de-synchronize first, and then make the changes.

NOTE: For synchronization to take place, both the MASTER and BACKUP firewalls should have the same HA configuration (i.e., the same number of interfaces, virtual IPs, etc.). If the master and backup firewalls have different HA configurations, the synchronization process will give an error and the firewalls will not be synchronized.

Now start the HA service by clicking the Start button on both firewalls.

After the HA service is started, whatever changes you make on the Master firewall will be replicated to the Backup firewall.

Now, set the virtual IP of the firewall as the default gateway of the local systems. In an active–passive HA configuration, all traffic will go through the Master firewall; in an active–active HA configuration, traffic will be routed equally through both firewalls.

NOTE: Whenever a failover happens, you will receive mail about the failover at the mail IDs specified under Email ID in the HA configuration.

To de-synchronize the firewalls, stop the HA service on both firewalls and click the De-sync button on the Master firewall. This will de-synchronize both firewalls. After de-synchronization is completed, the replication of configuration will stop.

With this, you have successfully configured HA on your firewall.
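The notes above (three IP addresses per HA port, opposite router types, identical HA configuration on both units) can be checked on paper before clicking Sync. The following is an added example, not GajShield code: the plan format, the function name check_ha_plan and the sample addresses are hypothetical. It assumes the three addresses per port are one per firewall plus the virtual IP, all in one subnet.

```python
import ipaddress

def check_ha_plan(master, backup):
    """Return a list of problems that would block or break HA synchronization."""
    errors = []
    # One unit must be MASTER and the other BACKUP.
    if {master["router_type"], backup["router_type"]} != {"MASTER", "BACKUP"}:
        errors.append("router types must be opposite (one MASTER, one BACKUP)")
    if master["ha_mode"] != backup["ha_mode"]:
        errors.append("HA mode differs between the two firewalls")
    m_ifs, b_ifs = master["interfaces"], backup["interfaces"]
    # Both units must list the same HA interfaces.
    if set(m_ifs) != set(b_ifs):
        errors.append("interface sets differ: %s" % sorted(set(m_ifs) ^ set(b_ifs)))
    for name in sorted(set(m_ifs) & set(b_ifs)):
        m, b = m_ifs[name], b_ifs[name]
        if sorted(m["vips"]) != sorted(b["vips"]):
            errors.append(f"{name}: virtual IPs differ")
        m_ip = ipaddress.ip_interface(m["ip"])
        b_ip = ipaddress.ip_interface(b["ip"])
        vips = [ipaddress.ip_address(v) for v in m["vips"]]
        addrs = [m_ip.ip, b_ip.ip, *vips]
        # Assumed reading of "3 IP addresses per port": master, backup, virtual.
        if len(addrs) < 3 or len(set(addrs)) != len(addrs):
            errors.append(f"{name}: need at least 3 distinct addresses")
        # Assumption: all addresses of one port share a subnet.
        if b_ip.network != m_ip.network or any(v not in m_ip.network for v in vips):
            errors.append(f"{name}: addresses are not all in {m_ip.network}")
    return errors

# Constructed sample plan; interface names and addresses are illustrative only.
MASTER = {"router_type": "MASTER", "ha_mode": "active-passive", "interfaces": {
    "eth0": {"ip": "10.0.0.1/24", "vips": ["10.0.0.3"]},
    "eth1": {"ip": "192.168.1.1/24", "vips": ["192.168.1.3"]}}}
BACKUP = {"router_type": "BACKUP", "ha_mode": "active-passive", "interfaces": {
    "eth0": {"ip": "10.0.0.2/24", "vips": ["10.0.0.3"]},
    "eth1": {"ip": "192.168.1.2/24", "vips": ["192.168.1.3"]}}}

if __name__ == "__main__":
    for problem in check_ha_plan(MASTER, BACKUP) or ["plan is consistent"]:
        print(problem)
```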


Attached Files:
How_to_configure_HA_on_your_firewall.pdf