Hardware / High Availability

"Hardware" tab

This module presents various indicators on the operating status of the firewall or members of the cluster in the form of graphs or tables:

  • CPU temperature curve,
  • S.M.A.R.T. information and tests on disks,
  • RAID status, if any,
  • Power supply status,
  • Fan status,
  • 3G/4G modems connected to the firewall.

Interactive features

For the curve:

  • Left-clicking on an indicator listed in the legend allows hiding/showing the corresponding data on the graph,
  • Hovering over a curve with the mouse displays the value of the indicator and the corresponding time in a tooltip.

For the table of S.M.A.R.T. information:

  • Hovering over the reference of a disk with the mouse displays the details of the S.M.A.R.T. tests conducted and their results in a tooltip.

"Cluster details" tab

This tab is accessible only when high availability has been configured and enabled. It groups data on the status of high availability for each member of the cluster.

The Local firewall column sets out the value of an indicator for the firewall on which the administrator is connected. The Remote firewall column sets out the value of this indicator for the remote member of the cluster.

 

Indicators

Status

This field indicates whether the firewall concerned is active or passive.

Firmware version

Indicates the firmware version on each member of the cluster.

Forced status

The Active status is imposed on one of the members of the cluster when you select "This firewall (serial number)" or "The other firewall (serial number)" for the Quality indicator field (System > High availability > Advanced properties menu).

Quality indicator

Specifies the quality indicator calculated for high availability. In particular, this indicator takes into account the weight assigned to network interfaces when any of them accidentally become unavailable.

A red or green LED will be seen next to the indicator.

Priority

Indicates the priority assigned to the firewall on which the administrator is connected.

This priority may be defined in the menu:

High availability > Quality indicator > Active firewall if equal.

If one of the firewalls is selected, it will have a priority of 50 while the other member of the cluster will be assigned a priority of 0.

Configuration synchronization

Indicates whether the configurations of both members of the cluster are the same.

Possible values: Synchronized or Desynchronized.

A green or red LED accompanies this value.

HA link state

Displays the status of the main physical link between members of the cluster:

  • OK: the link is operational
  • KO: the link is not functioning (e.g., unplugged cable).
  • UNKNOWN: the status of the link could not be retrieved.

Backup HA link state

Displays the status of the backup physical link (secondary) between members of the cluster:

  • OK: a backup link has been defined and is operational.
  • KO: a backup link has been defined but is not functioning (e.g., unplugged cable).
  • UNKNOWN: the status of the link could not be retrieved.
  • N/A: no backup link has been defined in the HA configuration.

Advanced indicators

Retrieving HA data

Indicates, either with a green or red LED, whether the firewall has responded to the request enabling the retrieval of data regarding high availability.

Firewall model

Specifies the firewall model (SN200, SN6000, etc.).

Supervisor

In a cluster, one of the firewalls assumes the role of supervisor in order to decide when to synchronize files, for example.

This field indicates which of the two firewalls assumes this role.

Version number (data)

This version number is associated with data generated from the intrusion prevention engine and synchronized between both firewalls.

It allows detecting incompatibilities when the cluster consists of firewalls in different versions.

Version number (connections)

This version number is associated with the protocol (and not data) used for the synchronization of data generated by the intrusion prevention engine.

Version number (status)

Version number of the algorithm used for determining the status (active/passive) of members of the cluster.

License

Specifies the type of license associated with HA (Master / Slave / None).

Currently connected on

Indicates the cluster member on which the administrator is connected.

Boot partition

Indicates which partition is used when the firewall starts up (main/backup).

Backup partition version

Specifies the firmware version installed on the backup partition.

Backup partition date

Indicates the last time the backup partition was updated.

Firewall last started on

Indicates the last time the firewall was started (format: YYYY-MM-DD HH:MM:SS).

Last synchronization

Indicates the last time the cluster was synchronized (format: YYYY-MM-DD HH:MM:SS).

Last status change

Indicates the last time the firewall's status (active/passive) was changed (format: YYYY-MM-DD HH:MM:SS).

HA service

This refers to the internal status of the HA management service on members of the cluster. The value of this field may be one of the following:

  • Starting: initial status of the service when the firewall has just restarted.
  • Waiting_peer: during restart, the firewall goes into passive mode and attempts to contact the other member of the cluster.
  • Synchronizing: when a firewall has restarted and managed to contact the other member of the cluster, the connection will start synchronizing.
  • Running: the firewall is active.
  • Ready: the firewall is passive and ready to switch to active if necessary.
  • Reboot: before restarting, the firewall informs the other member about it before switching to passive. The status of its service will then be shown as Reboot.
  • Down: before being shut down, the firewall informs the other member of the cluster about it. The status of its service will then be shown as Down.

HA link IP address

Firewall IP address presented by the interface dedicated to the main HA link.

HA link status changed

Indicates the last time the main HA link's status was changed (format: YYYY-MM-DD HH:MM:SS).

Backup HA link IP address

Firewall IP address presented by the interface dedicated to the backup HA link (N/A if no backup links have been defined in the cluster).

Backup HA link status changed

Indicates the last time the backup HA link's status was changed (format: YYYY-MM-DD HH:MM:SS).

No. of last SMC deployment

Indicates the revision number of the last configuration deployed via Stormshield Management Center (N/A if the firewalls are not managed by an SMC server).