Add nodes to clusters

By default, the Engine Editor displays two nodes in the Clustering pane. You can add new nodes to the cluster.

Before you begin

Before adding a node to the configuration, install the physical NGFW Engine device and connect the cables. At a minimum, connect the cables for the interfaces that enable communication with the Management Server and between the clustered NGFW Engines.

If the device has a working configuration from previous use, use the NGFW Configuration Wizard (sg-reconfigure) on the command line to return the device to the initial configuration state. Set up the initial configuration state before connecting the device to the network. Do not make initial contact with the Management Server.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click an NGFW Engine, then select Edit <element type>.
  2. Browse to General > Clustering.
  3. Click Add Node.
  4. Give the node a unique name.
  5. In the Nodes table, review and update the information in the IP Address, Contact IP Address, and Comment columns for each NDI.
    Double-click the value you want to change.
    Firewall CVI details are identical between the nodes, so adding a node to a Firewall Cluster does not require changing the CVI configuration in any way.
  6. Click OK.
  7. Click Save.
  8. Save the initial configuration for the new NGFW Engine node to create a one-time password.
  9. Make initial contact between the new NGFW Engine and the Management Server.
  10. Refresh the policy to transfer the changes to the NGFW Engines.
    To refresh the policy of the existing node before the new nodes are initialized, disable the inactive nodes on the Clustering pane in the Engine Editor. Otherwise, the policy installation fails due to a lack of connectivity to all nodes.

Engine Node Properties dialog box

Use this dialog box to define the properties of an engine node.

Option Definition
Name The name of the node.
Comment

(Optional)

A comment for your own reference.
Interfaces table
Name Specifies a unique name for the engine node.
Interface ID Maps to the physical interface of the engine node's network card.
Node ID Specifies a system-generated identifier for the engine node.
IP Network Specifies the IP address of the network cluster to which the engine node belongs.
IP Address Specifies the IP address of the engine node.
Contact IP Address

(Optional)

Specifies the translated IP address of the engine node that is required when NAT is applied between two SMC components.
Comment

(Optional)

A comment for your own reference.