Storm season is back, bringing with it the potential for significant weather events. If you have clients in areas prone to infrastructure disruption, visit the Disaster Recovery Resources guide for preparedness information. Datto recommends performing proactive disaster recovery testing to mitigate potential downtime. See our articles about the importance of disaster recovery testing and Preparing For A Cloud Virtualization Test: Policies, Procedures, And Partner Responsibilities to learn more. For live updates, follow @datto on Twitter.

DNA: Failover Policy Control

Follow

Topic

This article describes the Failover Policy Control feature of the Datto Networking Appliance (DNA).

Environment

  • Datto Networking Appliance (DNA)

Overview

The Failover Policy Control feature allows an operator to interrupt existing sessions for LAN clients during transitions to and from 4G LTE failover, and to specify the manner in which the DNA interrupts the sessions.

To access the Failover Policy Control card, log into the DNA web interface, and click Firewall, as shown in Figure 1.

Figure 1: Firewall

Procedure

1. Click the Failover Policy Control option in the Networks pane.

Figure 2: Failover Policy Control

2. You will see the configuration card shown in Figure 3.

Figure 3: Configuration card

The Failover Policy Control card allows you select from the following interruption methods:

  • Do not interrupt any traffic during Failover and Failback: The DNA will not interrupt any traffic when a failover transition occurs. In this mode, some traffic may have issues recovering, while other traffic will be able to resume, depending on the specific protocol and applications involved
  • Interrupt all traffic during Failover and Failback: The DNA will interrupt all network traffic when a failover transition occurs (via ICMP Port Unreachable for UDP, TCP Reset for TCP).
  • Custom Failover and Failback Policies: When this option is selected, the DNA will interrupt only the traffic coming from the specified Source IP via the specified Protocol for each enabled rule, using a pre-defined Method. The available interruption methods are:

    • ICMP Port Unreachable
    • TCP Reset
    • ICMP Net Unreachable
    • ICMP Host Unreachable
    • ICMP Protocol Unreachable
    • ICMP Net Prohibited
    • ICMP Host Prohibited

Select the interruption method most applicable to your environment.

You can increase the granularity of the rule's control by adding a specific Destination IP and range of Ports. This allows you to create rules such as:

  • "When this rule is enabled, interrupt only the traffic coming from this Source IP using this protocol by using this interruption method."
  • "When this rule is enabled, interrupt only the traffic coming from this Source IP using this protocol and going to this IP by using this interruption method."
  • "When this rule is enabled, interrupt only the traffic coming from this Source IP using this protocol to these ports by using this interruption method."
  • "When this rule is enabled, interrupt only the traffic coming from this Source IP using this protocol and going to this IP to these ports by using this interruption method."

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Calling all Partners! We want to hear your feedback! Please participate in this quick survey and help us build a better, more-relevant Knowledge Base!

Want to talk about it? Head on over to our Community Forum!