Skip to main content

🀝 Setting up high availability (HA) - step-by-step guide

Brevis Support
Updated

Configuration is done via:
Configuration β†’ High Availability

πŸ› οΈ Requirements for a Stable HA Setup

Two identical gateways with:

  • A valid license

  • The same firmware version

  • Static IP addresses for both gateways (do not use DHCP!)

  • A virtual IP address (VIP) that is freely available in the network
    (Test availability in advance via ping or arp-scan)

  • A shared SHA1 secret for mutual authentication between gateways

πŸ“‹ Step-by-Step Configuration

1️⃣ Prepare Both Gateways

  • Open the web interfaces of both devices in separate browser tabs.

  • Under Configuration β†’ Network:

    • Assign a static IP address

    • Set subnet mask and default gateway

    • Save and restart both devices

2️⃣ Configure HA Settings

In Configuration β†’ High Availability on both devices:

  • βœ… Enable HA (check the box)

  • 🧭 Enter the virtual IP address (VIP)
    β†’ Ensure the VIP is not in use elsewhere on the network!

  • 🧩 Enter the network mask to match your IP setup

  • πŸ” Set the SHA1 secret
    β†’ Must be identical on both devices!

🧭 Define Roles:

  • On the master device: Enable β€œMaster” checkbox

  • On the slave device: Leave β€œMaster” unchecked

πŸ” Peer Configuration:

  • Enter the IP address and hostname of the other gateway

  • Click Save

3️⃣ Restart Both Gateways

  • Reboot both gateways via the web interface

  • Wait until both devices are fully reachable

πŸ” Function Test

  • In your browser, test the following:

    • The individual IP addresses of both gateways

    • The virtual IP address (VIP)

πŸ”„ Test Failover

  • Manual switchover is only possible via the VIP

  • Test functionality using:
    β†’ Manual Cluster Failover

βœ… The system should automatically switch roles (Master ↔ Slave)

πŸ“€ Optional: Transfer Configuration to the Second Gateway

If you prefer configuring only one gateway:

  • Export the configuration
    (via web GUI or shell)

  • Import it to the slave gateway

⚠️ Manual adjustments are required:

  • 🧾 Change the IP address

  • πŸ–₯️ Adapt the hostname

  • πŸ” Re-enter the HA settings manually

🧠 Important: HA settings are not transferred during import!
Manual reconfiguration is absolutely necessary!

⚠️ Troubleshooting – If Something Goes Wrong

🚫 Gateway Unreachable / Bootloop?

  • Try accessing the device via console (SSH or direct terminal)

  • If not possible:

    • Disconnect power for 1–2 minutes

    • Reconnect and check again

πŸ”„ Apache Web Server in Restart Loop?

  • Check if the local IP conflicts with the VIP

  • If unsure: Reset to factory defaults

πŸ’‘ Tips for Stable HA Operation

  • Never use DHCP β†’ Always use a static network configuration

  • Set up an NTP time server
    β†’ Time differences disrupt HA communication

  • Regularly verify consistency across both gateways:
    β†’ Users, rules, services must stay in sync

  • Optional: Set up automated config backups

Related to

Related articles

Comments

0 comments

Please sign in to leave a comment.