When using SonicWall High Availability (HA), you may be unable to reach or monitor the idle (secondary) unit using its configured monitoring IP address. This article explains why this happens and how to correctly configure access for monitoring tools like Auvik.
Problem
You cannot access or poll the idle HA unit (secondary firewall) using its monitoring IP, even though:
- HA is functioning normally
- The monitoring IP is configured
- The active unit is reachable
Cause
By default, SonicWall only allows management traffic (HTTPS, SNMP, SSH, etc.) on the active unit.
The idle unit does not respond to:
- SNMP polling
- HTTPS/SSH management
- Other monitoring traffic
This is expected behavior unless explicitly configured.
Solution — Enable Management Access to Idle Unit
To allow Auvik (or other monitoring tools) to access the secondary unit, you must enable management access on the HA monitoring interface.
Step 1 — Log into the Active SonicWall
All HA configuration is performed from the active unit.
Step 2 — Enable Management on Monitoring IP
Navigate to:
Device → High Availability
- Locate the Monitoring IP Settings
- Ensure the following options are enabled:
  - Enable Management
  - Enable SNMP (if using SNMP with Auvik)
  - (Optional) HTTPS / SSH as needed
Step 3 — Verify Interface Access Rules
Ensure the interface associated with the monitoring IP allows:
- SNMP
- HTTPS (if needed)
Step 4 — Test Connectivity
From the Auvik collector or another internal host:
ping <monitoring-ip>
Then test SNMP:
snmpwalk -v2c -c <community> <monitoring-ip>
How This Affects Auvik
Default Behavior (no changes)
- Auvik monitors active unit only
- Idle unit appears unreachable
After enabling management access
- Auvik can poll both HA members individually
- Improved visibility into:
  - Hardware health per unit
  - Failover readiness
  - Interface status
⚠️ Important Notes
- Monitoring IP access is separate from the HA virtual IP
- Enabling access increases visibility but is not required for standard monitoring
- Auvik can fully monitor the firewall using only the active unit IP
Recommended Approach
For most environments:
- Monitor using the active/virtual IP only
- Enable idle unit monitoring only if you need per-device visibility
Troubleshooting
Still can’t reach monitoring IP:
- Confirm management is enabled on the HA settings
- Verify firewall access rules
- Ensure routing exists to the monitoring subnet
- Confirm no upstream device is blocking traffic
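The Step 4 checks, run against both monitoring IPs, with each failure mapped to the troubleshooting item to check first. This is an added example, not SonicWall or Auvik code; it assumes net-snmp's snmpget and a Linux iputils ping on the collector, and the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example. Assumes net-snmp's snmpget and a Linux iputils ping
# (-W is a timeout in seconds) are installed on the collector host.

SYS_UPTIME_OID=1.3.6.1.2.1.1.3.0   # sysUpTime.0, a standard MIB-2 object

# probe_member IP COMMUNITY
# Returns 0 = SNMP answered, 1 = ICMP answered but SNMP did not, 2 = neither.
# SNMP is tried first because ping may be filtered while SNMP is allowed.
probe_member() {
    snmpget -v2c -c "$2" -t 2 -r 1 "$1" "$SYS_UPTIME_OID" >/dev/null 2>&1 && return 0
    ping -c 2 -W 2 "$1" >/dev/null 2>&1 && return 1
    return 2
}

# Map a probe result to the setting or path to check next.
describe() {
    case $1 in
        0) echo "OK: SNMP answered" ;;
        1) echo "ICMP only: check Enable SNMP on the monitoring IP and the interface access rules" ;;
        2) echo "unreachable: check Enable Management, routing to the monitoring subnet, upstream filtering" ;;
    esac
}

# check_pair COMMUNITY IP [IP...]
# Prints one line per HA member and returns the worst result seen.
check_pair() {
    community=$1
    shift
    worst=0
    for ip in "$@"; do
        rc=0
        probe_member "$ip" "$community" || rc=$?
        printf '%s\t%s\n' "$ip" "$(describe "$rc")"
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Usage: sh ha-probe.sh <community> <active-monitoring-ip> <idle-monitoring-ip>
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

A non-zero exit status means at least one HA member did not answer SNMP, so the script can gate a scheduled check after a failover test.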
Summary
| Scenario | Result |
|---|---|
| Default HA setup | Only active unit is reachable |
| Management enabled on monitoring IP | Both units can be monitored |
