User's Manual Part 1
Configuring High Availability
Chapter 5: Managing Your Network 121
Configuring High Availability
You can create a High Availability (HA) cluster consisting of two or more
Safe@Office appliances. For example, you can install two Safe@Office appliances
on your network, one acting as the “Master”, the default gateway through which all
network traffic is routed, and one acting as the “Backup”. If the Master fails, the
Backup automatically and transparently takes over all the roles of the Master. This
ensures that your network is consistently protected by a Safe@Office appliance and
connected to the Internet.
The gateways in a HA cluster each have a separate IP address within the local
network. In addition, the gateways share a single virtual IP address, which is the
default gateway address for the local network. Control of the virtual IP address is
passed as follows:
1. Each gateway is assigned a priority, which determines the gateway's role: the
gateway with the highest priority is the Active Gateway and uses the virtual IP
address, and the rest of the gateways are Passive Gateways.
2. The Active Gateway sends periodic signals, or “heartbeats”, to the network via a
synchronization interface.
The synchronization interface can be any internal network existing on both
gateways except the WLAN.
3. If the heartbeat from the Active Gateway stops (indicating that the Active
gateway has failed), the gateway with the highest priority becomes the new
Active Gateway and takes over the virtual IP address.
4. When a gateway that was offline comes back online, or a gateway's priority
changes, the gateway sends a heartbeat notifying the other gateways in the
cluster.
If the gateway's priority is now the highest, it becomes the Active Gateway.
The Safe@Office appliance supports Internet connection tracking, which means
that each appliance tracks its Internet connection's status and reduces its own