Actions you can perform to manage your HA cluster effectively.
Manually synchronize HA devices
The auxiliary device synchronizes automatically with the primary device. You can manually synchronize it with the primary device when needed.
You can start manual synchronization from either device. If you synchronize from the primary device, the primary device pushes the updates. If you synchronize from the auxiliary device, the auxiliary device pulls the updates from the primary device.
To manually synchronize the HA cluster, click Sync auxiliary device as shown in the image below.
Points to remember:
- With manual synchronization, you receive all the data and configuration updates except reports from the primary device.
- If you manually synchronize any of the HA cluster devices, the firewall drops all the masqueraded connections.
Turn off HA
HA can be turned off from either device.
To turn off HA, click Disable HA as shown in the image below.
When you turn HA off from the primary device, it's turned off on both devices.
When you turn off HA from the auxiliary device, it factory resets, and HA isn't turned off on the primary device. The primary device becomes a standalone device.
Points to remember when disabling HA:
- The primary device IP schema doesn't change.
- All the ports except the dedicated HA link port and peer administration port are disabled for the auxiliary device. The IP schema for these two ports doesn't change.
- If HA is turned off from a standalone device, the IP schema doesn't change.
- You must have administrator privileges to access the auxiliary device's web admin console. When you access the web admin console, the live users, DHCP leases, and IPsec live connections pages won’t be displayed.
Switch a device to active or passive
If you have configured active–passive mode, you can force the auxiliary device to take over as the primary device by clicking Switch to passive device (from the current primary) or Switch to active (from the auxiliary device).
The image below shows how to switch the passive Sophos Firewall to active.