How to use QuickHA to configure an active-passive HA cluster.
To configure active-passive QuickHA, do as follows:
Caution You must make sure that both appliances have different IP
addresses initializing the QuickHA mode. For example, you can't have both devices using the default
172.16.16.16 address.
-
Connect the XG Firewall devices
using a network cable plugged into the dedicated HA port on both units.
-
Sign in to the web admin console of the primary XG Firewall device and go to .
-
Select Primary (Active-Passive) as the Initial device role
-
Ensure QuickHA is selected. You’ll see default settings
(which you can change), as described in the steps that follow.
-
QuickHA generates a passphrase automatically. You can also change the
passphrase manually.
Note The passphrase is used only once to generate the SSH keys used to encrypt communication over
the HA link. It's then deleted.
-
QuickHA selects a dedicated HA link automatically. You can also select an
interface manually.
By default, QuickHA selects the first unbound interface. If this isn't available, it uses the
first DMZ port. This interface is renamed QuickHA mode interface and is assigned an IPv4 address
from the link local range, 169.254.0.0/16.
QuickHA assigns the peer administration port based on the interface you're
currently using to access XG Firewall
WebAdmin. For example, if you're connected to PortA,
this interface becomes the peer administration port on both XG Firewall devices.
Caution If QuickHA selects a DMZ port that’s already in use, its current configuration
will be overwritten.
-
Click Initiate HA.
-
Sign in to the web admin console of the auxiliary XG Firewall device and go to .
-
Select Auxiliary as the device role.
-
Select QuickHA and enter the same passphrase used on
the primary XG Firewall device.
-
Click Initiate HA. You see a message about the
configuration being overwritten. This is because the configuration will be synchronized from the
primary XG Firewall device.
