To protect the service of your main Smoothwall, you can set up a failover. This is a secondary Smoothwall Filter and Firewall hardware appliance that can take over the main's functions in the event of the hardware failure. The secondary failover Smoothwall Filter and Firewall hardware appliance runs in standby mode, monitoring the main Smoothwall for a heartbeat communication. You must configure a heartbeat interface on the main system to make sure that the connection to the failover system is live.
Heartbeat is the name of a suite of services and configuration options that allow two identical Smoothwalls to be configured to provide hardware failover. The main system periodically copies settings to the failover unit to make sure that the failover unit can provide a fully configured service if the main system fails. Settings are copied intermittently, and the failover unit could be a few minutes behind configuration changes made to the main system.
If the main Smoothwall fails, it stops responding to the failover unit’s heartbeat and the failover unit determines that the main system is no longer available. This occurs somewhere between 0 seconds and the Keep-alive internal time specified when configuring failover. The failover unit then enters a more responsive mode where it monitors the main system for its revival. It remains in this mode for the length of Dead time you've configured. This stage is designed principally to cope with intermittent failures within the communication system, such as a heavily loaded main system.
Once Dead time has expired, the failover unit awakens from its standby mode and begins reinstating the settings and services allowing it to take over operations from the main system. The failover unit essentially provides a drop-in replacement and the transition generally go unnoticed because part of this information includes the IP addresses for each of the main system’s interfaces.
When the main system starts to respond again, be it minutes, days or weeks later, if Auto failback is turned on, the failover unit hands over control to the main, turns off its configuration and services, and returns to standby mode. For the network configuration, we recommend the network is private and only used by the main and failover units. A failover archive contains the settings to configure the failover unit to provide hardware failover for the Smoothwall. Implementing failover on the failover unit entails running the setup program and using the restore options to apply the settings.
Configuring hardware failover entails:
- On the primary system, configuring and generating a failover archive to deploy on the failover unit.
- If not using Smoothwall Filter and Firewall hardware appliances, installing the Smoothwall onto the failover unit and deploying the failover archive
- If using Smoothwall Filter and Firewall hardware appliances, connecting to the failover unit via SSH, running the setup program and deploying the failover archive. A heartbeat interface must exist on the primary system for failover to work.