About system hardware failovers

To protect the service of your primary Smoothwall, you can set up a failover. This is a secondary Smoothwall Filter and Firewall hardware appliance that can take over the primary's functions in the event of the hardware failure. The secondary failover Smoothwall Filter and Firewall hardware appliance runs in standby mode, monitoring the primary Smoothwall for a heartbeat communication. You must configure a heartbeat interface on the primary system to make sure that the connection to the failover system is live.

Heartbeat is the name of a suite of services and configuration options that allow two identical Smoothwalls to be configured to provide hardware failover. The primary system periodically copies settings to the failover unit to make sure that the failover unit can provide a fully configured service if the primary system fails. Settings are copied intermittently, and the failover unit could be a few minutes behind configuration changes made to the primary system.

If the primary Smoothwall fails, it stops responding to the failover unit’s heartbeat and the failover unit determines that the primary system is no longer available. This occurs somewhere between 0 seconds and the Keep-alive internal time specified when configuring failover. The failover unit then enters a more responsive mode where it monitors the primary system for its revival. It remains in this mode for the length of Dead time you've configured. This stage is designed principally to cope with intermittent failures within the communication system, such as a heavily loaded primary system.

Once Dead time has expired, the failover unit awakens from its standby mode and begins reinstating the settings and services allowing it to take over operations from the primary system. The failover unit essentially provides a drop-in replacement and the transition generally go unnoticed because part of this information includes the IP addresses for each of the primary system’s interfaces.

When the primary system starts to respond again, be it minutes, days or weeks later, if Auto failback is turned on, the failover unit hands over control to the master, turns off its configuration and services, and returns to standby mode. For the network configuration, we recommend the network is private and only used by the primary and failover units. A failover archive contains the settings to configure the failover unit to provide hardware failover for the Smoothwall. Implementing failover on the failover unit entails running the setup program and using the restore options to apply the settings.