Views:
You can configure two gateways as an HA Group to provide high availability access. One gateway is configured as the primary and one as the secondary. When first created, the primary HA gateway is active and the secondary is passive. If one gateway is down, then the other gateway will take over (becomes active) and ensures that network traffic is not down.
An HA Group can increase network traffic efficiency in addition to providing redundancy when a fatal error is encountered.

Basic Information

  • You can use registered or unregistered gateways when creating an HA group.
    • Unregistered:
      Cloud Edge Cloud Console checks only the hardware model for each gateway chosen for the HA group. If they do not match, an error displays and the HA group is not saved.
    • Registered:
      Cloud Edge Cloud Console performs the following checks:
      • Checks hardware model, software version, and deployment mode for each gateway — if they do not match, an error displays and the HA group is not saved.
      • Checks the heartbeat interfaces — if they are not in the same subnet, an error displays and the HA group is not saved.
      • Checks the VRRP interfaces — if they are not in the same subnet, an error displays and the HA group is not saved.
      • Checks whether the gateways are online — both Cloud Edge gateways must be online to successfully save the HA group.
  • A gateway can belong to only one HA Group.
  • Only active–passive mode is supported.
  • The active node is designated the master.
  • The HA group can function in either preemption or non-preemption mode
    • Preemption (check box, default): Primary gateway will return to active role after it recovers from a previous failure.
    • Non-preemption: Primary gateway does not automatically resume the active role after recovery from a failure. User must perform manual failover.
  • Before creating an HA group, ensure that the following items are addressed
    • Gateways in an HA group must be deployed in routing mode.
    • Gateways in an HA group must be the same model.
    • Gateways in an HA group must have the same firmware version.
      Note
      Note
      When the firmware version is updated or rolled back on one gateway in an HA group, the firmware must be updated or rolled back to the same version on the other gateway in the HA group.
    • Gateways in an HA group must have the same timezone configuration and the time difference must be within 5 minutes.
    • The factory default interface settings for gateways must be configured before creating an HA group.
  • Cloud Edge Cloud Console pushes configurations for the gateways in an HA group to the gateways; however, if configuration updates are not possible, nodes from an HA group can synchronize using the heartbeat connection.
  • In the dashboard, logs, and reports, queries are supported for the primary, secondary and HA group.
  • Since policy templates configured on Trend Micro Remote Manager are deployed before an HA group is set up, there is no impact to HA groups. To Remote Manager, an HA group appears to be two stand-along gateways.

Additional HA Group Information

Keywords: HA groups,overview of