Hi there,
I'm the Managing Director of a web solutions and hosting company in the UK.
We have 2 x Sonicwall Pro VX. Until recently we had only one running on the 6.2.0.0 firmware - the other was boxed up as we had not yet got round to setting up High Availability.
A few weeks ago we upgraded to the latest firmware and have been having nightmares ever since. The Pro VX kept restarting itself or locking completely. Looking around Usenet we saw no messages that suggested this was a common problem with the new firmware and so we decided our first option would be to set up the 2 Pro VXs as a High Availability pair to offer better resiliency.
The results of this were mixed. The HA pair worked fine, with the Secondary kicking in after 10s and relinquishing control back to the Primary when it came back online. However, one of our server stacks on the DMZ became invisible on the net when the secondary firewall was active. I believe this is because the IP/MAC addresses associated with the firewall were stuck in caches in switches, hubs and NICs and the servers were looking for IP/MAC1 and seeing IP/MAC2 (IYSWIM).
At present we have rolled back to the 6.2.0.0 firmware on a single firewall and (touch wood) things are stable again. Before we set up HA again I would like input as to whether my diagnosis of the problem is correct and what we should be doing to ensure the failover process works smoothly in future.
The servers are 2 pairs of load balancing Win2k Servers that all go through the same hub and then on to another hub on the way to the DMZ port of the Pro VX.
Cheers,
Colin
---
CONFIDENTIAL NOTICE
This communication contains information that is confidential and may also be
privileged. The information in this message is intended for the addressee
only unless explicitly stated. If you have received this message in error it
must be deleted and the sender notified. Please note that any distribution,
copying or use of this communication or the information in it is strictly
prohibited unless explicitly stated. Emails sent to or received from Spex
Internet Limited may be intercepted and read by the system administrator.
Interception will only occur to ensure compliance policies, procedures or
regulatory obligations, to prevent or deter crime, or for the purposes of
essential maintenance or support of the email system.
