Adjust IPS clustering options
IPS Clusters operate by default in load-balancing mode. This means that all configured nodes in an IPS Cluster are online simultaneously and the traffic is distributed among the operational nodes. The load balancing aims to keep the traffic load as evenly distributed as possible.
Alternatively, the IPS Cluster can run in standby mode. In that case, only one IPS node at a time is online and processing traffic, while the others are in standby mode. Only if the online node fails, one of the standby nodes goes online to take over the connections being handled by the failed node.
For more details about the product and how to configure features, click Help or press F1.
Steps
Engine Editor – General – Clustering
Use this branch to view nodes and add new nodes to the NGFW Engine cluster.
Option | Definition |
---|---|
Node ID (Not editable) |
Shows the ID number of the node. |
Name | Specifies the name of the node. Double-click the cell to edit the name. |
Configuration Status (Not editable) |
Shows the configuration status of the node. |
Version (Not editable) |
Shows the version of the NGFW Engine software that is installed on the engine. |
Comment (Optional) |
A comment for your own reference. |
SNMP Location | Specifies the SNMP location string that is returned on queries to the SNMPv2-MIB or SNMPv2-MIB-sysLocation object. |
SNMP Engine ID (SNMPv3 only) |
A unique identifier for each NGFW Engine node that is used by the SNMP agent. The engine ID is used with a hash function to generate keys for authentication and encryption of SNMPv3 messages. If you do not specify the SNMP engine ID, an SNMP engine ID is automatically generated. |
Disabled | Temporarily disables the node. You can enable the node later. |
Add Node | Adds a node to the cluster. Opens the Engine Node Properties dialog box. |
Edit Node | Allows you to change the properties of the selected node. Opens the Engine Node Properties dialog box. |
Remove Node | Deletes the selected node. The deleted node cannot be restored. |
Clustering Mode |
|
Clustering | Allows you to change advanced settings for the cluster. Opens the Advanced Cluster Settings dialog box. |
Advanced Cluster Settings dialog box (IPS engines)
Use this dialog box to define advanced clustering settings.
Option | Definition |
---|---|
Filter Mode | Defines how traffic is balanced between the nodes.
|
Heartbeat Message Period | Specifies how often clustered engines send heartbeat messages to each other (notifying that they are up and running). Enter the value in milliseconds. The default value is 1000 milliseconds (one second).
CAUTION: Setting this option too low can result in unnecessary heartbeat failures. Setting this option too high can cause unnecessary service outages when a failure occurs.
|
Heartbeat Failover Time | Specifies the time from the previous heartbeat message after which a node is treated as failed. Enter the value in milliseconds. The failover time must be at least twice as long as the Heartbeat Message Period. The default value is 5000 milliseconds.
CAUTION: Setting this option too low can result in unnecessary heartbeat failures. Setting this option too high can cause unnecessary service outages when a failure occurs.
|
Interface ID | Shows the assigned interface ID. |
Heartbeat IP | Specifies an IP address between 224.0.0.0 and 239.255.255.255 if you want to change the multicast IP addresses used for node-to-node communications (default: 225.1.1.1). This multicast IP address must not be used for other purposes on any of the network interfaces. |