For the failover function to work properly, you must configure the firewalls correctly and connect them correctly. Here is a short guide on how to do this.
To create a new failover team, you must set up the two firewalls in different ways. The first firewall is made a member of the team through the web interface; the second is added to the team by connecting to it via the serial cable.
The following procedure will produce a correctly configured firewall 1 team member:
Go to the Failover Settings page and select the interface which should be directly connected to the other firewall as Dedicated interface to use. Check the Dedicated network to see that it doesn't clash with any of your internal networks.
Press the Create new team button to create a new failover team with this firewall as its first member. This will cause a reboot.
To make firewall 2 (the standby unit) a member of the failover team, you have to connect to it using the serial cable. See chapter 3, Installing Ingate Firewall, for a thorough description of how to do this.
Log on from your terminal as admin and select "3. Become a failover team member". Select the same interface as was selected as Dedicated interface for firewall 1. All existing configuration will be removed and the firewall will reboot. It will then obtain its configuration from firewall 1.
After installing the firewalls, you must also connect them properly. They must be located close to each other, as they will be connected in parallel to all networks.
The interface on firewall 1 which was reserved for failover should be connected to the corresponding interface on firewall 2 using a crossover TP cable. If, for example, you selected eth2 as the Dedicated interface to use, you should connect eth2 on firewall 1 with eth2 on firewall 2.
The other interfaces should be connected in parallel to the networks on which the firewall should operate. If you configured eth0 to be on the Inside and eth1 on the Outside, both eth0 interfaces should be connected to the local network and both eth1 interfaces to the Internet network. You can't have a router between any pair of interfaces; they must be located on the same logical IP network.
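The checks in this guide (no clash between the Dedicated network and internal networks, the same Dedicated interface on both units, and parallel cabling of every other interface) can be run against a planned layout before the reboot steps. This is an added example, not Ingate code; the plan structure, addresses and segment labels are assumptions constructed for illustration.

```python
import ipaddress

def dedicated_network_clashes(dedicated, internal_networks):
    """Return the internal networks that overlap the Dedicated network."""
    ded = ipaddress.ip_network(dedicated, strict=False)
    clashes = []
    for net in internal_networks:
        cand = ipaddress.ip_network(net, strict=False)
        # Compare only same-family networks; overlaps() also catches supernets/subnets.
        if cand.version == ded.version and cand.overlaps(ded):
            clashes.append(str(cand))
    return clashes

def check_failover_plan(plan):
    """Return a list of problems found in a planned failover pair (empty = OK)."""
    fw1, fw2 = plan["firewall1"], plan["firewall2"]
    problems = []
    dedicated = fw1["dedicated_interface"]
    if fw2["dedicated_interface"] != dedicated:
        problems.append("dedicated interface differs between firewall 1 and 2")
    for net in dedicated_network_clashes(plan["dedicated_network"], plan["internal_networks"]):
        problems.append(f"dedicated network clashes with internal network {net}")
    # Every other interface must be cabled to the same network on both units.
    for iface in sorted(set(fw1["cabling"]) | set(fw2["cabling"])):
        if iface == dedicated:
            continue
        a, b = fw1["cabling"].get(iface), fw2["cabling"].get(iface)
        if a != b:
            problems.append(f"{iface} is not connected in parallel: {a} vs {b}")
    return problems

# Constructed sample plan: all addresses and segment labels are assumptions.
PLAN = {
    "dedicated_network": "192.168.250.0/30",
    "internal_networks": ["10.0.0.0/8", "192.168.0.0/16"],
    "firewall1": {"dedicated_interface": "eth2",
                  "cabling": {"eth0": "local network", "eth1": "Internet network"}},
    "firewall2": {"dedicated_interface": "eth2",
                  "cabling": {"eth0": "local network", "eth1": "local network"}},
}

if __name__ == "__main__":
    for problem in check_failover_plan(PLAN):
        print("PROBLEM:", problem)
```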
