#Configuration Guide# Sangfor IAM Active-Standby High Availability Configuration Guide

jetjetd Lv4Posted 30 Jun 2022 16:46

Last edited by jetjetd 30 Jun 2022 16:52.

Sangfor IAM Active-Standby High Availability Configuration Guide

Product: IAM

Configuration Steps——
High Availability has 2 modes which isactive-active and active-standby. This time we are going to do the active-standbymode.

Note: IAM is in route mode deployment during active-standby mode

Step 1.  Login to Active device. Goto System > Deployment to check first if the IAM devices is already on RouteMode deployment. We will be using the DMZ interface as our HA interface. You may use another free interface to use as HA interface.

Step 2.  Go to System > High Availability. In the High Availability page, it will show you two deployment mode’s detail. We willchoose Active-standby deployment and click the settings button.

Step 3.  Enter the device name, then choose the priority of the device. If this is the active device, then you may choose the priority as High.

Step 4. On Basic Setting, choose the Primary link which is HA interface then enter the remote IP. Set the shared secret for nodes device to join high availability. In tracked interface group,choose the production interface like WAN and LAN. You may enable the alarm option by clicking the Alarm option link but its optional. Then Click Next togo to the detection page.

Step 5.  On the detection page, you may change the heartbeat time out.

When you enable the “Active unit remains active always while standby unit is failed” box, if the standby device failed, the active device would remain active if there is ARP or ICMP probefail.

The ARP probe is used to detect the IAM uplink or downlink device connection. You can set the IP in the ARP probe IP address box. Themaximum IP for ARP probe is 6. If either one IP detection failed, then it will fall into ARP probe failure.

The ICMP probe is used to detect the domain or IP. If there isone domain configured, all domains need to be detected as failed to fall into ICMP probe failure. Click on the” Next” button to go to “Action” page.

Step 6.  In Action page, if you enable this option,once the device changed to standby device, tracked interface will become invalid to notify the uplink and downlink device to perform switching. Click “Next”to go to “Advanced” page.

Step 7.  In advance page, you may enable the “Simultaneous upgrade” option. It will upgrade the standby device when the active device being upgraded.

Click on the Commit button to save the configuration. Click “Yes”when the new window opens.

Step 8.  Login to standby device, Go to System >Deployment to check first if the IAM devices is already on Route Mode deployment.

Step 9.  After checking the deployment mode. Go to System > High Availability. Choose Active-standby deployment and click the “Settings”button

Step 10.  Enter the device name then choose priority asLow fir standby device. On Basic Setting, choose the Primary link, which is HA interface, then enter the remote IP. Enter the shared secret that is the same as in Active device. In tracked interface group, choose the production interface that is the same as active device.
Note: Both devices deployment mode, LAN port, WAN port, and DMZ port settings must be the same, else the configuration will not sync. The IP on the interfaces can be different

Step 11.  After Clicking Next, Detection page shows.After ARP probe or ICMP probe are enabled on the active device, ARP probe and ICMP probe can be disabled on the standby device to avoid frequent switching due to factors other than the device itself. Click “Next” to go to Action page.

Step 12.  For the action and advance page, they are just the same with previous. Click on the Commit button to save configuration.Once the relogin is required window pops out, just click “Yes” to relogin.

Step 13.  To check the HA status, you may go to System> High availability. As you can see the communication status for both deviceis “OK”.

Like this topic? Like it or reward the author.

Creating a topic earns you 5 coins. A featured or excellent topic earns you more coins. What is Coin?

Enter your mobile phone number and company name for better service. Go

jetjetd Lv4Posted 03 Jul 2022 00:59
I hope everyone will find my guide useful.
RegiBoy Lv3Posted 20 Jul 2022 16:32
This is one of the major configurations we need. Thank you for sharing.
Imran Tahir Lv3Posted 22 Sep 2022 13:18

Great Job !  Thank you !