3
Chapter3 Installation
71
HA Mode
HA Operation
There are two HA modes: Active-Standby and Active-Active.
In Active-Standby mode, one TrusGuard device (master) is working while the other (slave) is in
standby mode.
•
The slave device waits in standby mode starts working when there is a problem in the master
device.
In Active-Active HA mode, there is no master and slave device.
You need an L2 or L3 router/switch according to the network interface and settings.
HA peer uses HA interface that gets a virtual IP address when communicating with the
router/switch.
The HA works as Active-Standby mode or Active-Active mode according to the next-hop routing.
•
Active-Standby HA: The upper/lower router/switch specifies the master's HA interface virtual IP
address as the next-hop.
•
Active-Active HA: Equal-cost multiple path routing used when the upper/lower router/switch
specifies the master’s and slave’s virtual IP addresses as the same next-hop.
HA peer uses HA sync interface to sync the sessions and policies.
•
Active-Standby HA: Syncs all sessions and policies
•
Active-Active HA: Syncs policies only
The HA mode will get converted automatically, or the administrator can convert it manually.
To use NAT, a secondary port (network port-based NAT) with HA peers with the same IP address, or
IPv4 address profile (policy-based NAT) is needed.
HA Mode
You can combine a HA mode (Active-Standby, Active-Active) with a device operation mode (router or
bridge) as below.
Active-Standby Router Mode
Active-Standby Bridge Mode
Active-Active Router Mode
Active-Active Bridge Mode