Set HA Heartbeat settings for an Airwall Gateway HA pair

When setting up an Airwall Gateway HA pair you must set up a heartbeat between the two HA units. There are two options: LAN mode or routed mode:

  • LAN mode – This mode is recommended for side-by-side physical Airwall Gateway models and requires setting up a dedicated port group for the heartbeat (HA port) on both Airwall Gateways. As a best practice, connect the two ports directly using a private network cable. You may also connect the ports via a switch on the same LAN.
  • Routed mode – In routed mode, the heartbeat is sent over UDP and no HA port is needed and both Airwall Gateways may reside on separate underlay networks. In both cases, it is assumed the overlay ports of both units are set up to connect to the same device network. Unlike LAN mode, the heartbeat packets are encrypted and may be sent over a WAN.
  1. Go to the Airwall Gateway that is the primary in the High Availability pair.
  2. Open the HA tab.
  3. If you haven’t yet, select the secondary Airwall Gateway and synchronize the port configurations.
  4. Under Heartbeat settings, set the following:
    • Heartbeat mode – Select Routed or LAN.
    • Heartbeat rate – Enter the rate in seconds that the active Airwall Gateway will send a heartbeat to the standby Airwall Gateway. A faster rate will result in a faster failover if the active Airwall Gateway fails.
    • Timeout – Enter how long in seconds that the standby Airwall Gateway will wait after not receiving a heartbeat before failing over. Increasing the timeout will delay the failover in case of failure but helps reduce the likelihood of spurious failovers in situations where heartbeats are delayed because the active Airwall Gateway is under heavy load or because of network congestion.
    • Port – The port used for sending the heartbeat in routed mode. The default option should work in most cases, but you can change it if needed.
    Heartbeat settings on an HA Airwall Gateway pair
  5. Under Heartbeat IP addresses, leave Use published underlay IPs checked, or clear it and manually enter IPs for the primary and secondary Airwall Gateways. You might want to change this in deployments where the published IP will be a publicly routable IP, but you want to make sure the heartbeat takes a direct path using a non-published private IP.
Return to Configure High Availability Airwall Gateways (v2.2.8 and later) to complete setup.