Re-enable disabled cluster nodes

You can re-enable nodes in a cluster that you have temporarily disabled.

When a Firewall Cluster, IPS Cluster, Layer 2 Firewall Cluster, or Master NGFW Engine node has been disabled, its configuration is typically made obsolete by policy installations done on the other cluster nodes. Having an obsolete configuration prevents the node from operating normally and might in some cases disturb the operation of the whole cluster.

  For more details about the product and how to configure features, click Help or press F1.


  1. (Recommended) Before connecting the disabled node (the same physical device or a replacement), set the node to the initial configuration state using the NGFW Initial Configuration Wizard (sg-reconfigure) on the engine command line.
    Note: If you reintroduce a disabled node that has a working configuration, the node must receive the heartbeat traffic from other nodes and accept it (based on certificates). Otherwise, the node considers itself the only available cluster member and goes online. Cluster nodes that do not communicate with each other might prevent the whole cluster from processing traffic.
  2. In the Management Client, select Configuration.
  3. Right-click the NGFW Engine, then select Edit <element type>.
  4. In the navigation pane on the left, browse to General > Clustering.
  5. Deselect the Disabled option in the Nodes table for the nodes you want to re-enable, then click OK.
  6. Click Save and Refresh to ensure that all nodes have the same configuration.
    Note: If the policy installation is unsuccessful, return the previously disabled node to the initial configuration state.
  7. (Optional) In the Home view, right-click the node, then select Commands > Go Online or Commands > Standby to return the node to operation.
    The node is set to online or standby mode shortly.