[ATP/FLEX] How to configure and enable Cloud Monitor mode on device HA?

Zyxel_Emily

Prerequisites

• Reset two ATP/USG FLEX firewalls to factory default settings before deploying device HA.
• Deploy two ATP/USG FLEX firewalls with device HA.
• Two devices must be the same model.
• The running firmware partition must the same position on two devices.
  For example,
  The running partition of the Active device is partition 1.
  Then the running partition of the Passive device must be partition 1.
• Connect the heartbeat port link between two devices and make sure the passive device is fully synchronized.

This following example was tested using two USG FLEX 500 (Firmware Version: ZLD 5.40).

Configuration

1. On Nebula, create a new organization and two sites in this organization.
2. Go to Organization-wide manage > Organization settings. Copy "Cloud Monitoring Mode ID".
3. Connect console on the Active device. Enter the command "monitor-mode id <Cloud Monitoring Mode ID>".
4. Connect console on the Passive device. Enter the command "show monitor-mode". Check the Monitoring Mode ID is synchronized to the Passive device.
5. On the Active device, enter the command "monitor-mode" to enable monitor mode.
6. On Nebula, go to License & inventory > Devices. Check if the Active device appears on the list.
7. Assign site "FLEX500_HA_1" to the Active device.
8. On the Passive device, enter the command "show monitor-mode". Check if monitor mode activation is synchronized to the Passive device.
9. Trigger HA failover and make the Passive device become Active role.
10. Wait for 3-5 minutes. On Nebula, go to License & inventory > Devices. You can find the Passive device appears on the list.
11. Assign site "FLEX500_HA_2" to the Passive device.
12. On Nebula, go to Organization-wide manage > Organization portal > Devices. You can find the both devices on the list.

• Online status: Active role
• Off-line status: Passive role