How to Configure High Availability for Edge IPS Pro & EdgeFire Devices
  • 27 Mar 2023

Summary


High Availability (HA) lets two EdgeIPS Pro or EdgeFire devices provide network redundancy, ensuring continuous operation and service at each point between the OT control network and the IT management network. If one of the Edge devices fails, the other Edge device takes over and keeps the network connected.

Applicable Version


All versions of EdgeIPS Pro and EdgeFire

Details


1. High Availability

For EdgeIPS Pro, HA can operate in Active-Active Mode (AA Mode) or Active-Standby Mode (AS Mode). In AA mode, two EdgeIPS Pro devices operate simultaneously, and traffic is forwarded through either the primary EdgeIPS Pro or the secondary EdgeIPS Pro. The traffic direction will be determined by the upper/lower management switches.

Figure 1 Deployment Scenario of EdgeIPS Pro HA (AA Mode)

In AS mode, only the primary EdgeIPS Pro operates on the OT network, and the secondary EdgeIPS Pro stands by without forwarding network traffic. If the primary EdgeIPS Pro fails to operate, the secondary EdgeIPS Pro will take over and help forward the traffic to the upper management switch. The traffic direction will be determined by the upper/lower management switches.

Figure 2 Deployment Scenario of EdgeIPS Pro HA (AS Mode)

For EdgeFire (Gateway Mode or Bridge Mode), HA can only operate in Active-Standby Mode (AS Mode). In AS mode, only the primary EdgeFire operates on the OT network, and the secondary EdgeFire stands by without forwarding network traffic. If the primary EdgeFire fails to operate, the secondary EdgeFire will take over and help forward the traffic to the upper management switch. The traffic direction will be determined by the upper/lower management switches.

Figure 3 Deployment Scenario of EdgeFire HA

The following table summarizes the settings:

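| Edge Series Device | Operation Mode              | AA Mode | AS Mode |
|--------------------|-----------------------------|---------|---------|
| EdgeIPS Pro        | Inline Mode (Each Port-Pair) | V       | V       |
| EdgeFire           | Gateway Mode                |         | V       |
| EdgeFire           | Bridge Mode                 |         | V       |
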
If HA is enabled and the configuration is synced up, the IP settings for all the interfaces will be synced to the active primary device. To access the management interface of the active primary device or the standby device, you need to create at least one management IP to bridge to a designated management interface.

2. Configuring High Availability in AA/AS Mode for EdgeIPS Pro

  1. Access the EdgeIPS Pro web-based management console.
  2. Go to [Network] > [HA Settings].
  3. Click the [HA Settings] button and the [HA Settings] window will appear.
  4. Click the [Mode] drop-down list to select [Active/Active] or [Active/Standby].
  5. Input an [HA Interface IP Address].
  6. Input an [HA Interface Submask]. The HA subnet must be different from the network of the MGMT port.
  7. (Optional) Input a [VLAN ID] if needed.
  8. Input a [Unicast Heartbeat Peer IP]. The IP address must be the IP address of the target EdgeIPS Pro device that you want to connect to.
  9. Input a [Shared Secret Key]. Two EdgeIPS Pro devices in HA deployment must use the same shared secret key.
  10. Select a [Heartbeat Interval] and [Failover Trigger Level].
  11. Input a [Management IP for Management Port]. When HA is enabled and the configuration is synced up, the IP settings for all the interfaces will be synced to the active primary EdgeIPS Pro device. To access the management interface of the active primary EdgeIPS Pro device or the standby EdgeIPS Pro device, you need to create at least one management IP to bridge to the MGMT Port.
  12. Click the [Apply] button to save the HA settings.
  13. Use an Ethernet cable to connect the HA ports on the primary EdgeIPS Pro and the secondary EdgeIPS Pro.
  14. On the [HA Status] page, [Connection Status] will show “Connected”, and [Peer Sync Status] will show “Un-Synced – Ready for the first-time sync-up”.
  15. Click the [Sync] button, and then [Peer Sync Status] will change to “The first-time syncup is in process”. The EdgeIPS Pro that you are configuring is selected as the primary EdgeIPS Pro, and the configuration and pattern files will be copied from the primary EdgeIPS Pro to the secondary EdgeIPS Pro.
  16. When [Peer Sync Status] shows “Synced” and [Device Role Status] shows “Primary”, the two EdgeIPS Pro devices are now ready to operate in HA deployment.

3. Configuring High Availability in AS Mode for EdgeFire (Gateway Mode)

  1. Access the EdgeFire web-based management console.
  2. Go to [Network] > [Port Mapping].
  3. Change PORT7 from LAN Port to HA Port.
  4. Click [Save].
  5. Go to [Network] > [HA Settings].
  6. Click the [HA Settings] button and the [HA Settings] window will appear.
  7. Click the [Mode] drop-down list to select [Active/Standby].
  8. Input an [HA Interface IP Address].
  9. Input an [HA Interface Submask]. The HA subnet must be different from the network of the MGMT interface (WAN1) or Independent MGMT Port you use.
  10. (Optional) Input a [VLAN ID] if needed.
  11. Input a [Unicast Heartbeat Peer IP]. The IP address must be the IP address of the target EdgeFire device that you want to connect to.
  12. Input a [Shared Secret Key]. Two EdgeFire devices in HA deployment must use the same shared secret key.
  13. Select a [Heartbeat Interval] and [Failover Trigger Level].
  14. Input a [Management IP for Management Port]. When HA is enabled and the configuration is synced up, the IP settings for all the interfaces will be synced to the active EdgeFire device. To access the management interface of the active primary EdgeFire device or the standby secondary EdgeFire device, you need to create at least one management IP to bridge to the MGMT interface (WAN1) or Independent MGMT Port (WAN2). The management IP must be within the network subnet of the MGMT Interface (WAN1) or Independent MGMT Port (WAN2).
  15. Click the [Apply] button to save the HA settings.
  16. Use an Ethernet cable to connect the HA ports on the primary EdgeFire and the secondary EdgeFire.
  17. On the [HA Status] page, [Connection Status] will show “Connected”, and [Peer Sync Status] will show “Un-Synced – Ready for the first-time sync-up”.
  18. Click the [Sync] button, and then [Peer Sync Status] will change to “The first-time syncup is in process”. The EdgeFire that you are configuring is selected as the primary EdgeFire, and the configuration and pattern files will be copied from the primary EdgeFire to the secondary EdgeFire.
  19. When [Peer Sync Status] shows “Synced” and [Device Role Status] shows “Primary”, the two EdgeFire devices are now ready to operate in HA deployment.

4. Configuring High Availability in AS Mode for EdgeFire (Bridge Mode)

  1. Access the EdgeFire web-based management console.
  2. Go to [Network] > [Port Mapping].
  3. Change PORT7 from Bridge Port to HA Port.
  4. Click [Save].
  5. Go to [Network] > [HA Settings].
  6. Click the [HA Settings] button and the [HA Settings] window will appear.
  7. Click the [Mode] drop-down list to select [Active/Standby].
  8. Input an [HA Interface IP Address].
  9. Input an [HA Interface Submask]. The HA subnet must be different from the network of the MGMT Port (WAN1) or Independent MGMT Port you use.
  10. (Optional) Input a [VLAN ID] if needed.
  11. Input a [Unicast Heartbeat Peer IP]. The IP address must be the IP address of the target EdgeFire device that you want to connect to.
  12. Input a [Shared Secret Key]. Two EdgeFire devices in HA deployment must use the same shared secret key.
  13. Select a [Heartbeat Interval] and [Failover Trigger Level].
  14. Input a [Management IP for Management Port]. When HA is enabled and the configuration is synced up, the IP settings for all the interfaces will be synced to the active EdgeFire device. To access the management interface of the active primary EdgeFire device or the standby secondary EdgeFire device, you need to create at least one management IP to bridge to the MGMT Port (WAN1) or Independent MGMT Port (WAN2). The management IP must be within the network subnet of the MGMT Port (WAN1) or Independent MGMT Port (WAN2).
  15. Click the [Apply] button to save the HA settings.
  16. Use an Ethernet cable to connect the HA Ports on the primary EdgeFire and the secondary EdgeFire.
  17. On the [HA Status] page, [Connection Status] will show “Connected”, and [Peer Sync Status] will show “Un-Synced – Ready for the first-time sync-up”.
  18. Click the [Sync] button, and then [Peer Sync Status] will change to “The first-time syncup is in process”. The EdgeFire that you are configuring is selected as the primary EdgeFire, and the configuration and pattern files will be copied from the primary EdgeFire to the secondary EdgeFire.
  19. When [Peer Sync Status] shows “Synced” and [Device Role Status] shows “Primary”, the two EdgeFire devices are now ready to operate in HA deployment.
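
The addressing rules in sections 2 to 4 (HA subnet separate from the MGMT network, matching shared secret, peer IP pointing at the other unit, EdgeFire management IP inside the MGMT subnet) can be checked on a planning worksheet before the values are typed into either console. The script below is an added example, not a TXOne tool; the `HAPlan` record and its field names are hypothetical, and it assumes the heartbeat peer IP is the other unit's HA interface address.

```python
import hmac
import ipaddress
from dataclasses import dataclass

# HA modes the article lists per device family (see the settings table).
ALLOWED_MODES = {"EdgeIPS Pro": {"AA", "AS"}, "EdgeFire": {"AS"}}

@dataclass
class HAPlan:          # hypothetical worksheet record, one per device
    name: str
    family: str        # "EdgeIPS Pro" or "EdgeFire"
    mode: str          # "AA" or "AS"
    ha_if: str         # HA Interface IP Address with mask, e.g. "10.255.0.1/30"
    peer_ip: str       # Unicast Heartbeat Peer IP
    secret: str        # Shared Secret Key
    mgmt_net: str      # subnet of the MGMT port / WAN1 / WAN2 in use
    mgmt_ip: str       # Management IP for Management Port

def check_pair(a: HAPlan, b: HAPlan) -> list[str]:
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    if a.family != b.family:
        problems.append("HA pair mixes device families")
    for d, peer in ((a, b), (b, a)):
        ha = ipaddress.ip_interface(d.ha_if)
        mgmt = ipaddress.ip_network(d.mgmt_net)
        if d.mode not in ALLOWED_MODES.get(d.family, set()):
            problems.append(f"{d.name}: {d.mode} mode not available on {d.family}")
        if ha.network.overlaps(mgmt):
            problems.append(f"{d.name}: HA subnet overlaps the MGMT network")
        # Assumption: the peer IP is the other unit's HA interface address.
        peer_addr = ipaddress.ip_address(d.peer_ip)
        if peer_addr != ipaddress.ip_interface(peer.ha_if).ip:
            problems.append(f"{d.name}: peer IP is not {peer.name}'s HA address")
        if peer_addr not in ha.network:
            problems.append(f"{d.name}: peer IP is outside the HA subnet")
        if d.family == "EdgeFire" and ipaddress.ip_address(d.mgmt_ip) not in mgmt:
            problems.append(f"{d.name}: management IP is outside the MGMT subnet")
    if not hmac.compare_digest(a.secret.encode(), b.secret.encode()):
        problems.append("shared secret keys do not match")
    return problems

if __name__ == "__main__":  # constructed sample values, not from the article
    a = HAPlan("fw-a", "EdgeFire", "AS", "192.168.1.200/24", "10.255.0.2", "k1", "192.168.1.0/24", "192.168.1.11")
    b = HAPlan("fw-b", "EdgeFire", "AS", "10.255.0.2/30", "10.255.0.1", "k2", "192.168.1.0/24", "192.168.1.12")
    print("\n".join(check_pair(a, b)) or "plan is consistent")
```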



For support assistance, please Contact Us at support@txone.com or your Support Provider.

