The Ingate Firewall failover function makes it possible to have a hot standby unit which always has the current configuration and which automatically takes over when the active unit goes down. The two units become a failover team.
This function requires that one interface on the firewall is dedicated for failover and can't be used for anything else.
This is a short description of what Ingate Failover can do and what is required to make it work.
Failover requires two firewalls, each of which must have at least three interfaces, and the standby unit must have exactly as many interfaces as are used on the active unit. Both units must run the same software version. Any expansion modules on the active unit must also be present on the standby.
The units must be located in a way which makes it possible to connect them with a cross-over network cable. You must also connect all other interfaces on the standby unit to the same routers/switches as the active firewall.
The Failover function allows you to create failover teams out of two firewalls, where one unit is active and the other a standby unit. The standby stays in constant contact with the active unit to check if it's working and to ask for new configuration whenever the configuration is changed on the active firewall. When the active unit fails, the standby takes over, with the same configuration (including IP addresses).
If either of the units stops working, or if the active unit can't connect to the standby unit via the cross-over cable, the firewall won't accept new changes to the configuration. This is because there is no way for the active firewall to transfer the changes to the standby unit. If this should happen, and there is no way to reestablish the connection between the two units, the active unit must change mode to a standalone unit (which breaks the failover team) to allow changes in the configuration.