You must change the configuration of the Single Firewall element before you can convert it to a Firewall Cluster element.
For more details about the product and how to configure features, click Help or press F1.
Steps
-
If you are not using identical hardware, make sure that the performance levels match your needs.
Equipment with different performance levels can be used for balancing the load between the clustered engines. For high availability when one engine is offline, the other engine must be able to handle all traffic alone.
-
Make sure that both firewall engines have their own license.
Firewall Clusters are licensed in the same way as two Single Firewall engines. All current firewall engine licenses allow clustering the nodes, so no license changes are required to activate clustering.
-
Make sure that the engines are running software versions that are compatible with the
Security Management Center, and preferably that both engines are running the same version.
Although the cluster can be installed with engines running different software versions (unless otherwise stated in the
Release
Notes), long-term use with mismatched versions is not supported.
-
If the firewall engine you are adding to the cluster already has a working configuration from previous use, return it to the
initial configuration state. You can set up the initial configuration state in the NGFW Initial Configuration Wizard (sg-reconfigure) on the command line.
Do not establish a connection with the Management Server before the Firewall Cluster element is ready.
CAUTION:
If
the Firewall engine has a working configuration, it goes online and processes traffic when you power it on to configure it for
the Firewall Cluster.
-
Connect the network cables to the new firewall engine and power it on.