Activate the engine configuration after converting a Single Firewall element to a Firewall Cluster element

You must activate the new configuration to finish converting a Single Firewall element to a Firewall Cluster element.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. If any external device uses the firewall as its default gateway or VPN endpoint, and the IP address it previously used has been converted to an NDI (Node Dedicated IP Address), reconfigure that device to reference a CVI (Cluster Virtual IP Address) instead.
  2. Run the NGFW Initial Configuration Wizard on the command line (sg-reconfigure) or in a web browser.
  3. Make sure the interface IDs are mapped correctly to network ports according to the engine’s cabling.
  4. Make initial contact between the engine node and the Management Server.
    Install and configure any new engine nodes as part of the cluster as in a new installation.
  5. Install the policy on the cluster.

    To refresh the policy of the existing node before the new nodes are initialized, set the inactive nodes in the cluster element’s properties to disabled. (See the Cluster tab.) Otherwise, the policy installation fails due to a lack of connectivity to all nodes.

    If there are problems with the clustered configuration, you can return to single-node operation. To do so, command one node offline through the right-click menu or through the command line.