Firewall Configuration Backups in High Availability (HA) Environments

If high availability isn't natively supported in Auvik and the passive device doesn't respond to ICMP or SNMP, the dormant device will be deleted after a set period (the default is 10 days). This can lead to the deletion of associated backups.

Auvik has implemented HA support to prevent this issue for certain vendors, but it may still occur in some implementations. Auvik will now keep a device whose serial number matches the one discovered through HA-specific SNMP MIBs in an online state, based on vendor-specific SNMP MIBs.

 

Understanding HA Backup Challenges

Firewalls configured in HA mode introduce complexities that can interfere with Auvik's ability to retrieve configuration files consistently. Common challenges include:

  • Active vs. standby node confusion
  • IP address failover
  • Out-of-band (OOB) management interfaces
  • CLI prompt variability over VPN tunnels
  • Limited access permissions

 

The Role of the Auvik Collector

The Auvik collector is the local software appliance responsible for executing configuration backups, CLI tests, SNMP polling, and flow analysis. It acts as the communication bridge between Auvik’s cloud platform and your network devices.

For configuration backups:

  • The collector must have network reachability to the firewall's management interface (in-band or OOB).
  • CLI commands issued by Auvik are executed directly from the collector—meaning any session interruptions, route restrictions, or VPN behaviors are observed at the collector level.
  • All backup credentials are tested and executed from the perspective of the collector, not the cloud. Therefore, manual CLI testing and connectivity checks must be done from the collector host itself.

In HA environments:

  • The collector may need to interact with dynamic IPs or virtual IPs (VIPs) that represent the active firewall node.
  • In cases of failover, the collector may still attempt to back up the now-standby node unless monitoring or logic is in place to update the backup target.
  • If the OOB interface is used, the collector must reside on or have access to that management network.

To ensure successful backups, verify all paths from the collector to the firewall and simulate CLI sessions directly from the collector using the Auvik CLI test tool.

 

Key Configuration Areas to Verify

1. Target the Active Firewall

  • Auvik can only back up the active/primary node in an HA pair.
  • Ensure Auvik is pointed at the IP or hostname of the current active unit.
  • Consider using a virtual IP (VIP) if your firewall supports stable active node referencing.

2. Out-of-Band (OOB) Management Interfaces

  • If HA firewalls use dedicated OOB ports (e.g., MGMT interfaces), verify Auvik can route to those interfaces from the collector.
  • Ensure ACLs, firewalls, and routing allow traffic between the collector and the OOB segment.

3. VPN-Based Access Limitations

  • VPNs can interfere with CLI-based configuration retrieval, even if SNMP and login tests pass.
  • CLI sessions may time out, return partial prompts, or block expected responses.
  • Manually test CLI access from the collector to verify full session interactivity.

4. Ensure Proper User Permissions

  • The backup account must:
    • Have CLI or shell access to view full config
    • Avoid read-only or restricted shells
    • Support SCP/TFTP/FTP if required by the firewall platform
  • Avoid using accounts with session restrictions or MFA prompts that interrupt automation.

5. Monitor HA Role Changes

  • After a failover, the original standby becomes active. If Auvik is still pointing to the old active node, backups may silently fail.
  • Use SNMP polling or traps to monitor HA role changes.
  • Update Auvik device targets dynamically if IPs shift post-failover.
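
One way to automate the failover check described in this step, as an added example (not Auvik code or an Auvik API): it takes HA role observations that you collect yourself, for instance by SNMP polling, and reports when the backup target is no longer the active node or when no backup has succeeded since the role change. The record layout, role names, and sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class RolePoll:
    """One HA role observation from your own poller (hypothetical schema)."""
    when: datetime
    node: str   # management IP or hostname of the polled unit
    role: str   # "active" or "standby", normalized from the vendor value

def current_roles(polls):
    """Return {node: (role, since)}; `since` is when the current role began."""
    state = {}
    for p in sorted(polls, key=lambda p: p.when):
        prev = state.get(p.node)
        if prev is None or prev[0] != p.role:
            state[p.node] = (p.role, p.when)
    return state

def check_backup_target(polls, target, last_backup_ok, max_age=timedelta(days=1)):
    """Return alert strings for the backup target; an empty list means healthy."""
    alerts = []
    roles = current_roles(polls)
    now = max(p.when for p in polls)  # time of the newest observation
    role, since = roles.get(target, ("unknown", now))
    if role != "active":
        active = sorted(n for n, (r, _) in roles.items() if r == "active")
        alerts.append(f"target {target} is {role} since {since:%Y-%m-%d %H:%M}; "
                      f"active node(s): {', '.join(active) or 'none seen'}")
        if last_backup_ok < since:
            alerts.append("no successful backup since the role change")
    if now - last_backup_ok > max_age:
        alerts.append(f"last successful backup is older than {max_age}")
    return alerts

# Constructed sample: the pair fails over six hours after the first poll.
T0 = datetime(2024, 1, 10, 8, 0)
SAMPLE_POLLS = [
    RolePoll(T0, "192.0.2.11", "active"),
    RolePoll(T0, "192.0.2.12", "standby"),
    RolePoll(T0 + timedelta(hours=6), "192.0.2.11", "standby"),
    RolePoll(T0 + timedelta(hours=6), "192.0.2.12", "active"),
    RolePoll(T0 + timedelta(hours=30), "192.0.2.11", "standby"),
    RolePoll(T0 + timedelta(hours=30), "192.0.2.12", "active"),
]

if __name__ == "__main__":
    for line in check_backup_target(SAMPLE_POLLS, "192.0.2.11", T0 + timedelta(hours=2)):
        print("ALERT:", line)
```

Feed the result into whatever alerting you already use; the backup timestamp would come from the backup history you review under Device > Configuration > Backups.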

 

Best Practices

  • Use the CLI test tool in Auvik to confirm prompt behavior.
  • Validate backups under Device > Configuration > Backups in Auvik regularly.
  • Document your HA architecture and failover process for internal and client transparency.
  • Where possible, automate detection of failover and alert on backup failures.

 

For additional guidance, refer to Auvik KB articles:

  • How do I manage my collectors?
  • How to uninstall the Windows collector
  • How do I manage my shared collector?

If you encounter persistent issues, please gather CLI test results, collector logs, and firewall role status and contact Auvik support.
