AIS Managed Firewall Failover Test

Note: If a firewall will not boot without a monitor connected, go into the BIOS and try adjusting the settings to either UEFI Win7 or UEFI Win8. Some of the older hardware models need this changed when used with the newer software updates.

Methods:

  • Pull the power cord. You don’t have to be on site to do this. You can also shut the interface down remotely, but be careful to read the rest of this document first.
  • Alter the failover parameters, essentially forcing a more natural failover to occur. This is a much better test.

Regardless of chosen method:

  1. Make sure your routes are good back to the place you are testing from. An example of this would be making sure you set a route to the AIS office in OB to go out WAN1 and the AIS AWS to WAN2. No matter what happens, one of those places will always be able to get to the firewall. This can be achieved by going into System > Routing and clicking “Static Routes”.
  2. For the Mask, make it a /32.
  3. Choose the Gateway you ARE going to shut down. This way, if you are doing this from the office, when you pull the plug or change the failover parameters, you will lose access to the firewall but you should be able to use the Secondary IP to get back in if the failover doesn’t work correctly. 
  4. Add a route.
  5. In the destination, put that IP.
  6. For the Mask, make it a /32.
  7. Choose the Gateway you are NOT going to shut down. This will kick you out, but you should be able to connect via the WAN2 interface.
  8. If at any point you get stuck or lose connection, reach out to someone ASAP.
  9. If you can log into the secondary interface, shut down the Interface (Interfaces -> Click on WAN, Uncheck “Enable” and click “Save”). You should not lose your connection.
  10. If you can get into everything and you can test from behind the firewall, you are done.
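
A pre-flight check for the static routes described above, as an added example that is not part of the original procedure: it confirms that at least one management location keeps a /32 return path once the chosen gateway goes down. The addresses (documentation ranges), the gateway names WAN1_GW/WAN2_GW and the route list format are assumptions; the routes are transcribed by hand from System > Routing > Static Routes.

```python
import ipaddress

# Constructed sample data: static routes as transcribed from
# System > Routing > Static Routes. Addresses are documentation ranges and
# the gateway names are placeholders, not values from a real firewall.
STATIC_ROUTES = [
    {"destination": "203.0.113.10/32", "gateway": "WAN1_GW"},   # office
    {"destination": "198.51.100.20/32", "gateway": "WAN2_GW"},  # cloud host
]
MGMT_SOURCES = {"office": "203.0.113.10", "cloud": "198.51.100.20"}


def preflight(routes, mgmt_sources, gateway_to_drop):
    """Return (survivors, problems) for a planned shutdown of one gateway.

    survivors: management sources whose most specific static route uses a
    gateway other than the one being shut down.
    problems: findings that should stop the test before it starts.
    """
    survivors, problems = [], []
    for name, ip in mgmt_sources.items():
        addr = ipaddress.ip_address(ip)
        matches = []
        for route in routes:
            net = ipaddress.ip_network(route["destination"], strict=False)
            if addr in net:
                matches.append((net, route["gateway"]))
        if not matches:
            problems.append(f"{name}: no static route covers {ip}")
            continue
        # Longest-prefix match decides which gateway the replies leave by.
        net, gateway = max(matches, key=lambda m: m[0].prefixlen)
        if net.prefixlen != net.max_prefixlen:
            problems.append(f"{name}: {net} is not a host route")
        if gateway != gateway_to_drop:
            survivors.append(name)
    if not survivors:
        problems.append(
            f"lockout: no management source keeps a route once {gateway_to_drop} is down")
    return survivors, problems


if __name__ == "__main__":
    survivors, problems = preflight(STATIC_ROUTES, MGMT_SOURCES, "WAN1_GW")
    print("still reachable from:", survivors)
    print("problems:", problems or "none")
```
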

NOTE: Because not everything is a “hard” down, you can do a test by changing the environment. This is more of a real-world simulation, assuming you did not do the above. If you did, please put everything back to the way it was when you first logged in.