Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

790 appliance High Availability Configuration

790 WiFi appliance is in production with two Internet connections, and multiple defined objects and rules, local switch is defined and two WiFi segments, one guest and one with access to LAN.

I was advised to: 1) backup the existing 790 2) confirm both units have same firmware 3) flatten existing unit retaining existing firmware version 4) setup first unit as Primary HA 5) setup second unit as HA, 6) restore backup to newly created cluster to retain objects and rules.

When I restored the backup to the cluster, it brought back the objects and rules, but overwrote the cluster configuration and would not operate normally until the second unit was taken off line.

Question: Can I configure cluster from the existing device (with its rules and objects in place) by simply adding the second unit, or must I flatten the existing unit, create the cluster with both "bare" units, then recreate the objects and rules?

0 Kudos
10 Replies
Highlighted
Admin
Admin

I don't know for sure, but it seems reasonable to try it after taking a fresh backup first.
Once the cluster is established, the configuration should synchronize from primary to secondary.
Highlighted
Platinum

No need to reset configuration on primary unit. You only need to complete First Time Configuration Wizard on secondary one (disable switch on LAN ports btw). Then connect sync cable. Proceed with configuring cluster on primary and then on secondary unit.

Make sure both units run the same firmware version. 

Highlighted

Thanks for your input. I’ll give it a go this weekend.
0 Kudos
Highlighted

Thanks for your input, I’ll give it a go this weekdend.
0 Kudos
Highlighted

Thanks for your input.  When choosing "Configure Cluster" from High Availability, the device would not respond. After an hour with TAC and no solution, I'll start from scratch configuring the new 790 as primary, install Internet connections, objects, and rules, then configure it as the primary cluster member.

0 Kudos
Highlighted
Platinum

That's unfortunate to hear. There must be something really wrong to behave like that. Let us know what the outcome is.

0 Kudos
Highlighted

I created the Primary member while off line, configured its objects, groups and rules, and brought it on line this morning as planned. I then reset the existing device to default settings with the same firmware, and ran the basic configuration. The cluster process worked as shown in the admin guide, without issues. After the cluster was created, I was able to create a WiFi for the LAN as well as a guest WiFi. Tests of the HA and ISP redundancy were successful. Thanks for the input.
0 Kudos
Highlighted
Platinum

Happy to hear it. Although it could have been nice to find what the problem is. May be something in the local database was not right. 

0 Kudos
Highlighted

Interestingly, this morning the client called and reported Internet access was (mostly) down as well as email flow to and from their internally hosted mail server.  The Sand Blast Threat Emulation. which would not activate yesterday,  was now active, and apparently was causing problems, as traffic returned to normal when the Threat Emulation was turned off.

In addition, the WiFi configurations had changed; the Guest WiFi that was configured yesterday was inactive, its access policy had changed to allow access to the local network, its interface configuration had changed, and the additional (Standard) WiFi that was created for LAN users access yesterday, was nowhere to be found.

0 Kudos
Highlighted
Platinum

I would start with checking /var/log/messages and /var/log/log/sfwd.elg. Also it is worth checking 'dmesg'. And look for possible *core* and *panic* files in /logs.

0 Kudos