Location: Features > High Availability

High Availability 



High Availability (HA) refers to the ability of a network to operate when hardware or software fails. When you add redundancy to your network, you remove one point of vulnerability.

WatchGuard's High Availability enables the installation of two fireboxes on one network in a failover configuration. At any given moment, one Firebox is in active mode while the other is in standby mode. The standby Firebox activates when the first Firebox goes offline. Once a Firebox becomes active, it stays active until it is taken offline and the other Firebox becomes primary again.

High Availability Diagram

Why get High Availability?

There is an increasing importance for companies to get a High Availability solution for their firewall(s); from the prevention of crucial downtime through to financial loss. The consequences of not having such a recovery plan in place can have serious affects on a company's financial loss, and reputation.

WatchGuard's High Availability option provides the redundancy necessary to ensure maximum network uptime, and at the same time giving more processing power and a greater ease of use. Fireboxes set in active/passive mode give a lower cost and a constant level of performance across failover events, and does not require subscriptions and upgrades to be purchased for both machines.

Read our BLOG on High Availability here.

Rockford IT can help with the configuration of your firewalls if necessary. For more information contact us.


Requirements for HA:

  • The two Fireboxes in an HA configuration must be the same model and must use the same software version. If the software versions are different, you must upgrade the Firebox with the old version to match the other Firebox. The Firebox with the old software must have a license for the upgraded software.
  • The two Fireboxes must use Fireware Pro. Get it free when you buy an XTM 5 Series – for a limited time only!
  • The two Fireboxes must both be registered and have active LiveSecurity Service.
  • You cannot use DHCP Server or DHCP Relay on any interface enabled for HA.