Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
8.0.95

Link Aggregation

Update time: 2025-12-25

If you use Network Secure devices in active/active Layer 2 mode, and the upstream and downstream devices of the Network Secure devices are routers that use link aggregation, you need to enable Link Aggregation so that a request packet and its return packet are not transmitted over different paths. For example, if a request packet passes through Firewall A while the return packet passes through Firewall B, the return packet will be dropped due to inconsistent paths. Link aggregation ensures that the request packet and the return packet are forwarded by the same Network Secure device.

When Link Aggregation is enabled, the backend program automatically assigns each Network Secure device a number, 0 or 1, which is not shown on the page. The Network Secure device calculates a result for every packet passing through the LAN or WAN interface based on the packet's source and destination IP addresses. Each packet is sent to, and then forwarded from, the Network Secure device that corresponds to its calculation result (for example, a packet with a calculation result of 0 will be sent to and then forwarded from the Network Secure device marked as No.0). The configurations are shown in the following figure.

[Figure: Link Aggregation configuration page]

Enable: Select Enable to turn on link aggregation. Link aggregation can be enabled only when all of the following conditions are met: the HA policy is enabled; active/active Layer 2 mode is used; interfaces for data synchronization are set; and at least two Layer 2 interfaces are available.

LAN Interfaces: Specify the downstream LAN interfaces for the local and peer devices.

WAN Interfaces: Specify the upstream WAN interfaces for the local and peer devices.

The workflow is as follows:

  1. When a PC accesses the server, the packet goes through Network Secure 1. Network Secure 1 determines, based on the hash algorithm, whether the security check should be performed. After the check is completed, Network Secure 1 forwards the packet to the server.
  2. The packet returned by the server arrives at Network Secure 0.
  3. Network Secure 0 determines, based on the hash algorithm, whether Network Secure 1 should perform the security check (calculation results for packets with the same IP address are the same). Network Secure 0 sends the packet to Network Secure 1 through the HA aggregation link.
  4. After receiving and checking the packet, Network Secure 1 sends the packet back to Network Secure 0 through the HA aggregation link.
  5. Network Secure 0 sends the returned packet to the PC.

[Figure: network diagram of the workflow]
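The following Python model of the workflow above is an added example, not vendor code. The product's hash algorithm is not documented on this page, so the XOR-fold in `owner()` is an assumption, as are the `Pair` class, the per-device session tables used to model the drop, and the sample addresses.

```python
import ipaddress

def owner(src, dst, devices=2):
    """Device number (0 or 1) that checks a flow.
    Assumed hash: XOR of both addresses folded to one byte. XOR is
    commutative, so request (src, dst) and return (dst, src) agree."""
    x = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    folded = 0
    while x:
        folded ^= x & 0xFF
        x >>= 8
    return folded % devices

class Pair:
    """Two stateful Layer 2 devices, No.0 and No.1, joined by an HA link."""
    def __init__(self, aggregation):
        self.aggregation = aggregation
        self.sessions = [set(), set()]      # one session table per device

    def handle(self, ingress, src, dst, is_request):
        """Return (verdict, hops) for a packet arriving on device `ingress`."""
        checker = owner(src, dst) if self.aggregation else ingress
        hops = [f"NS{ingress}"]
        if checker != ingress:              # relay over the HA link and back
            hops += ["HA", f"NS{checker}", "HA", f"NS{ingress}"]
        flow = frozenset((src, dst))
        if is_request:
            self.sessions[checker].add(flow)
        elif flow not in self.sessions[checker]:
            return "dropped", hops          # checker never saw the request
        return "forwarded", hops

def demo(aggregation):
    """Request enters on device 1; the return packet arrives on device 0."""
    pc, server = "192.168.10.20", "10.0.0.81"   # constructed sample addresses
    pair = Pair(aggregation)
    out = pair.handle(1, pc, server, True)
    back = pair.handle(0, server, pc, False)
    return out, back

if __name__ == "__main__":
    for mode in (False, True):
        print("link aggregation:", mode, demo(mode))
```

With aggregation off, the return packet is dropped on device 0. With it on, the return packet takes the NS0, HA link, NS1, HA link, NS0 path described in the workflow.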

1. The monitoring interfaces of the active and standby devices must be the same.

2. If the priorities of the virtual groups are the same, no preemption will occur regardless of whether preemption is enabled.

3. Settings are synchronized in the following two ways: bulk synchronization and incremental synchronization. When the active controller sends a request to the passive controller for synchronizing settings from the peer device to the local device, bulk synchronization is triggered. After the bulk synchronization is completed, the device checks settings for changes every 10 seconds. If changes are detected, an incremental synchronization is triggered for synchronizing the modified settings of the active controller to the passive controller. A passive controller does not have permission to modify settings. To manually modify the standby device's settings, change the device's synchronization role. Otherwise, changes cannot be submitted.

4. If the database version of Device A is valid while that of Device B is expired, synchronizing Device A's upgraded database to Device B will fail. However, this does not affect the synchronization of other settings.

5. The two HA devices must be the same model. Devices of different models have a different number of interfaces. This can cause the two HA devices to work improperly because interface settings are also synchronized during the synchronization of settings between the two devices.