|
I am
running a Pro300 and trying to get it to do HA with a Pro-VX. Twice I have
implemented the change and twice it has failed and I had to break the
pair.
The
first time my DMZ machines became inaccessible from the internet (perhaps the
same caching issue you described.)
The
second time VPN clients would not connect to the virtual ip of the pair. If I
put the primary's ip at the VPN termination point it would work, but then it
wouldn't be HA in case of a failure on the primary.
I will
likely try it a third time to see whether it works, but beyond that I will
probably abandon HA until I can cost justify a second
Pro300.
Paul
Thanks for the response, John.
I
wonder if I should put pressure on Sonicwall to replace the Pro VXs with Pro
300s. Do they support more connections? If so, it would be worth it, even
running 6.2.0.0
Col
I
had exactly the same problems with my Pro-VX. Sonicwall ended up
sending me a new Pro-300 to replace it. Then the Pro-300 started
having similar issues. Yesterday they gave me a new firmware to
address some of the issues (6.3.1.2), but since I only upgraded it this
morning again I have yet to see if it works long term.
My only fix with
the Pro-300 going crazy was to revert back to 6.2.0.0. But with so
many users running XP and using VPN, it wasn't a solution because only
6.3.1.0 supported the new version 8 VPN client that you need if you run
XP. I'm crossing my fingers, but meanwhile have ordered a new
Watchguard 2500 to replace the sonicwall - it's just been too unstable to
trust for my business anymore.
Some things with
the Pro-VX that have helped me, and some others - don't leave the ports on
the firewall set to autodetect. Hard code them for your switches'
speed. Mine are all 100MB half duplex. That seemed to help mine
some, and a few others. Also, I'd avoid the 6.3.1.0 firmware and stay
at the 6.2.0.0 until they officially release a successor to
6.3.1.0.
Good
luck!
John
LEGAL NOTICE:
Unless expressly stated otherwise, this message is confidential and may be privileged. It is intended for the addressee(s) only. Access to this e-mail by anyone else is unauthorized. If you are not an addressee, any disclosure or copying of the contents or any action taken (or not taken) in reliance on it is unauthorized and may be unlawful. If you are not an addressee, please inform the sender immediately.
| 