Firewall High Availability [HA Pro] - How to replace a defect device in HA Pro

This guide shows how to replace a faulty device in a device ha setup.

 

Scenario and Topology

In this example Device 2 needs to be replaced.

vyxk2bjn4kka.png

 

Before redeploying the HA-Pro environment

1.     Please make sure that all licenses are on the remaining device.

2.     Confirm that the correct serial number of the remaining device was entered on the HA-Pro page.

Configuration > Device HA > Device HA-Pro

00budlfd97o0.png

3.     Click on "Service License Refresh" on Device 1 to check for any license update from myzyxel.com.

Configuration > Licensing > Registration > Service > Service License Refresh

au1kjga8gx7e.png

 

After receiving the new device (Device 3)

1.     Backup the configuration of Device 1

2.     Device 3 should use the system-default configuration

3.     The running firmware version must be the same on both Devices.

4.     The running partition must be the same on both Devices.

 

Active (Device 1) - Running Firmware 4.35(ABIQ.2)

zegpojsp81jw.png

 

Passive (Device 3) - Running Firmware 4.35(ABIQ.2)

99tqfv276sms.png

 

Configuration on Device 1

Please go to the following settings and check "Enable Device HA":

Configuration > Device HA > Device HA Pro

Make sure the configuration on each field is correct. (Management IP of the active and passive device, password…)

Next, press the apply button.

dpjnatklqsls.png

 

Configuration on Device 3

Please go to the following settings and tick "Enable Configuration Provisioning From Active Device" and "Enable Device HA", then press Apply:

Configuration > Device HA > Device HA Pro

mppyve2z1w99.png

 

Press OK to complete the configuration of the passive device.

nl41o74acmku.png

 

Now connect the heartbeat port (the last copper ethernet port) link and wait for the full sync.

In this example, the ATP800 heartbeat port is port 12.

 

Note:
Don't change the configuration until the sync is complete.

It takes around 10 minutes for the first full synchronisation.


The sync status can also be checked via the console.

commands:

# show device-ha2 device-status
# show device-ha2 passive device-status

7bi9r7rk5f8b.png

 

# show device-ha2 sync summary

xgjg7y3x4wzi.png

 

 

Verification

You can check if everything is working in the log of the device HA status.
You should see the following messages when the configuration was successful:

Device 1 (Active Role)

duqga8x2sphy.png

r17h3kmsvmon.png

 

Device 3 (Passive Role)

prvkkmje27s9.png

xdub397ip8oo.png

 

Articles in this section

Was this article helpful?
1 out of 1 found this helpful
Share