Prepare the environment for converting a Single Firewall to a Firewall Cluster

Make sure your environment meets these requirements before you convert a Single Firewall to a Firewall Cluster.

Steps

  1. Select one Single Firewall element to convert to a cluster.
  2. Make sure that you have a license for each node in the Firewall Cluster.
  3. If you are not using identical hardware, make sure that the performance levels match your needs.
    You can use hardware with different performance levels for load-balanced clustering. For standby clustering, the performance level of each node must be high enough to handle all traffic.
  4. Make sure that enough IP addresses are available in the network, especially if the Single Firewall is managed remotely.
    Each node in the Firewall Cluster needs at least one dedicated IP address for its management communications. Also, the traffic that the nodes inspect requires at least one dedicated IP address per cluster.
  5. Make sure that the NGFW Engine hardware is running software versions that are compatible with the Security Management Center, and that both NGFW Engines are running the same version.
  6. If the NGFW Engine hardware that you are adding to the cluster already has a working configuration from previous use, return it to the initial configuration state using the NGFW Configuration Wizard (sg-reconfigure) on the command line.
    Do not establish a connection with the Management Server before the Firewall Cluster element is ready.
    CAUTION:
    If the Firewall has a working configuration, it goes online and processes traffic when you turn it on to configure it for the Firewall Cluster.
  7. Connect the network cables to the new NGFW Engine hardware and turn it on.