Set up and connect a Failover Smoothwall Appliance or VM

A Failover is a secondary Appliance hardware unit or Virtual Machine (VM) that can take over functions if the Main Smoothwall Appliance fails. 

• The Main Smoothwall Appliance or VM copies settings to the Failover every five minutes, ensuring the Failover can provide the same services if the Main fails. This means settings on the Failover can be a few minutes behind.
• The Failover runs in standby mode and monitors the Main for ‘heartbeat’ communications through the Heartbeat interface. All other interfaces are inactive.

Before you begin

Check that your Main and Failover setups match

• Update both Appliances to the same level.
• Install the same modules on both Appliances.
• Check that both are licensed for Failover by going to System > Hardware > Failover. If not licensed, you’ll see this message: ‘Warning: Hardware failover must be licensed before it can be used on this installation.’. Contact your Customer Success Manager to discuss licensing options.
• Check that your Appliance Specifications match. We strongly recommend using the same Appliance models for your Main and Failover, because:
  • You must set up both identically, but port configurations vary across current and legacy models.
  • Smaller or legacy models may not provide sufficient performance, and using one as a Failover can cause it to fail when taking over from a larger or current model with greater capacity.
• Add a Smoothwall access rule for the Heartbeat admin on HTTPS (440) Service on the Main, This ensures the setting is copied to the Failover and saves time when testing.

Check your connections

• Connect the Failover to the same upstream and downstream networks as the Main.
• Physically connect the Heartbeat interface on the Main Smoothwall Appliance to the Heartbeat interface on the Failover Smoothwall Appliance.
• Turn on Secure Shell (SSH) for your Main.

Step 1: Set up the Heartbeat interface

1. Sign in to the Main Appliance and go to Network > Configuration > Interfaces.
2. Hover over the interface that will communicate with the Failover and select Edit.
3. For Use as, select Heartbeat interface.
4. Select Save changes.
5. Reboot the Main.

Step 2: Set up the failover

1. Remain signed in to the Main Appliance and go to System > Hardware > Failover.
2. In the Heartbeat section:
   • Select the Enabled checkbox.
   • Select the Auto failback checkbox for the Failover to automatically return control to the Main and enter standby mode when the Main starts responding after a failure.
   • For Keep-alive internal, select how often to communicate over the ‘heartbeat’ to check the Main is still working. The default is 1 second, or you can change this to 2 seconds or 5 seconds.
   • For Dead time, select how long the Failover should wait before taking over. The default is 5 seconds, or you can change this to 10 seconds or 30 seconds.
3. In the Networking section:
   • Enter the Master heartbeat IP address for the Main.
   • Enter the Failover heartbeat IP address for the Failover.
   • Enter a Netmask.
4. Select Save.

     Important

   • If you don’t have the Heartbeat interface set up, you’ll see this message: ‘No heartbeat interface configured.’ Complete Step 1: Set up the Heartbeat interface above.
   • If not licensed for Failover setups, your settings will have no effect. You’ll see this message: ‘Error: Hardware failover is not licensed for use.’. Contact your Customer Success Manager to discuss licensing options.
5. Reboot the Main.

Step 3: Install the archive on the Failover

Download the failover setup archive and install it on the Failover.

Step 4: Set up MAC Spoofing

Set up MAC Spoofing for your interfaces except for the Heartbeat interface to prevent ARP poisoning and ensure continued service in a failover event.

Next steps

Test that the Failover Smoothwall Appliance or VM works.