Ensuring Uninterrupted Connection Using HA AA

This example shows how to configure two devices in Active-Active (AA) mode to provide high availability for the protected network.

Before configuration, confirm that the two Hillstone devices to be deployed in the typical HA networking mode use exactly the same hardware platform and firmware version, have the same license installed, and use the same interfaces to connect to the network.

As shown in the figure below, Device A and Device B form the HA AA pair. After the configuration is complete, both devices enable the HA function. The system elects Device A as the master device of group 0, and Device B preempts to become the master device of group 1. Device A synchronizes configuration with Device B. Under normal circumstances, the two devices run their own tasks independently: Device A forwards the traffic of the finance department and the R&D department to the network, and Device B forwards the traffic of the R&D server group to the network. If one device fails, the other continues its own work and takes over the work of the failed device, so that service is not interrupted. For example, if Device B fails, Device A forwards the network traffic of the R&D server group in addition to that of the finance department and the R&D department.

Configuration Steps

Step 1: Configuring HA  

Device A

Select System > HA, under the Group0 part:

  • Priority: 10
  • Preempt: 3
  • Gratuitous ARP packet number: 15

Device A

Select System > HA, under the Group0 part, click New. Under the Group1 part:

  • Priority: 200
  • Preempt: 3

Device B

Select System > HA, under the Group0 part:

  • Priority: 200
  • Preempt: 3
  • Gratuitous ARP packet number: 15

Device B

Select System > HA, under the Group0 part, click New. Under the Group1 part:

  • Priority: 20
  • Preempt: 3
  • Gratuitous ARP packet number: 15

Step 2: Configuring HA control link interface and enabling HA

Device A

Select System > HA.

  • Control Link Interface 1: ethernet0/4
  • IP Address: 100.0.0.1/24
  • HA Cluster ID: 1

Device B

Select System > HA.

  • Control Link Interface 1: ethernet0/4
  • IP Address: 100.0.0.100/24
  • HA Cluster ID: 1

Step 3: Configuring Device A's interface

Select Network > Interface, and double click ethernet0/0.

  • Binding Zone: Layer 3 Zone

  • Zone: untrust

  • Type: Static IP

  • IP Address: 192.168.1.1

  • Netmask: 255.255.255.0

Select Network > Interface, and double click ethernet0/1.

  • Binding Zone: Layer 3 Zone

  • Zone: trust

  • Type: Static IP

  • IP Address: 10.1.1.1

  • Netmask: 255.255.255.0

Select Network > Interface, and double click ethernet0/2.

  • Binding Zone: Layer 3 Zone

  • Zone: trust

  • Type: Static IP

  • IP Address: 20.1.1.1

  • Netmask: 255.255.255.0

Select Network > Interface, click New, and choose Virtual Forward Interface.

  • Interface Name: ethernet0/3:1
  • Binding Zone: Layer 3 Zone
  • Zone: trust
  • Type: Static IP
  • IP Address: 30.1.1.1
  • Netmask: 255.255.255.0

Select Network > Interface, click New, and choose Virtual Forward Interface.

  • Interface Name: ethernet0/0:1
  • Binding Zone: Layer 3 Zone
  • Zone: untrust
  • Type: Static IP
  • IP Address: 192.168.2.1
  • Netmask: 255.255.255.0

Step 4: Configuring track object of device

Use track objects to monitor the status of the interfaces of Device A and Device B. If one of the monitored interfaces fails, a switchover takes place.

Device A
Select Object > Track Object, and click New.

  • Name: group0
  • Track Type: Interface

  • Add Track Members: Click Add. In the prompt, select ethernet0/0, ethernet0/1, ethernet0/2.

Device A
Select Object > Track Object, and click New.

  • Name: group1
  • Track Type: Interface

  • Add Track Members: Click Add. In the prompt, select ethernet0/0:1, ethernet0/3:1.

Device A

Select System > HA, under the Group0 part:

  • Track Object: group0

Under the Group1 part:

  • Track Object: group1


Device B

Select System > HA, under the Group0 part:

  • Track Object: group0

Under the Group1 part:

  • Track Object: group1

Step 5: Configuring Device A's SNAT

Select Policy > NAT > SNAT, and click New.

  • Requirements

    • Type: IPv4
    • Source Address: Address Entry; Any
    • Destination Address: Address Entry; Any
    • Egress: Egress Interface; ethernet0/0
  • Translated to

    • Egress IF IP

Select Policy > NAT > SNAT, and click New.

  • Requirements

    • Type: IPv4
    • Source Address: Address Entry; Any
    • Destination Address: Address Entry; Any
    • Egress: Egress Interface; ethernet0/0:1
  • Translated to

    • Egress IF IP
  • Advanced Configuration
    • HA group: 1

Step 6: Configuring Device A's policy

Select Policy > Security Policy > Policy, click New and choose Policy.

  • Name: policy
  • Source Information
    • Zone: trust
    • Address: Any
  • Destination Information
    • Zone: untrust
    • Address: Any
  • Other Information
    • Service: Any
  • Action: Permit

Step 7: Results

After configuration, select System > System Information. The "HA state" item shows the device's HA status.

Device A

  • HA State:
    group0: Master group1: Backup

Device B

  • HA State:
    group0: Backup group1: Master


When Device B fails, Device A forwards the network traffic of the R&D server group in addition to the network traffic of the finance department and the R&D department.

Select System > System Information. The HA state item shows the device's status.

Device A

  • HA Status:
    group0: Master group1: Master

Device B

  • HA Status:
    group0: Backup group1: Monitor Failed
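
The following is an added example, not Hillstone code: a small Python model that checks the planned values from Steps 1, 2 and 4 for consistency and reproduces the HA states listed in Step 7. It assumes that the lower priority value wins the election (as the result for Device A in group 0 implies); the function names and the failed interface passed in are constructed, and preempt delay and gratuitous ARP are not modelled.

```python
import ipaddress

# Values copied from Steps 1, 2 and 4 of this page.
PLAN = {
    "A": {"link_ip": "100.0.0.1/24", "cluster_id": 1, "priority": {0: 10, 1: 200}},
    "B": {"link_ip": "100.0.0.100/24", "cluster_id": 1, "priority": {0: 200, 1: 20}},
}
TRACK = {0: {"ethernet0/0", "ethernet0/1", "ethernet0/2"},
         1: {"ethernet0/0:1", "ethernet0/3:1"}}


def elect(plan, down):
    """Model HA state per device and group; `down` maps device -> failed interfaces.

    Assumption: the lower priority value wins, as the page's result implies.
    """
    state = {dev: {} for dev in plan}
    for group, members in TRACK.items():
        failed = {d for d in plan if members & down.get(d, set())}
        healthy = sorted((d for d in plan if d not in failed),
                         key=lambda d: plan[d]["priority"][group])
        for dev in plan:
            if dev in failed:
                state[dev][group] = "Monitor Failed"
            else:
                state[dev][group] = "Master" if dev == healthy[0] else "Backup"
    return state


def check_plan(plan):
    """Return the problems that would keep the pair from running Active-Active."""
    a, b = plan["A"], plan["B"]
    problems = []
    if a["cluster_id"] != b["cluster_id"]:
        problems.append("HA cluster IDs differ")
    ip_a, ip_b = (ipaddress.ip_interface(d["link_ip"]) for d in (a, b))
    if ip_a.network != ip_b.network or ip_a.ip == ip_b.ip:
        problems.append("control link IPs must be distinct and in one subnet")
    for group in TRACK:
        if a["priority"][group] == b["priority"][group]:
            problems.append(f"group{group}: equal priorities")
    normal = elect(plan, {})
    if len({d for d in plan for g in TRACK if normal[d][g] == "Master"}) < 2:
        problems.append("one device is master of both groups")
    return problems


if __name__ == "__main__":
    print(check_plan(PLAN), elect(PLAN, {"B": {"ethernet0/3:1"}}))
```

Running the checker on a changed plan before touching the devices catches mistakes such as mismatched cluster IDs or priorities that leave one device as master of both groups.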
