Activate the NGFW Engine configuration after converting a Single Firewall to a Firewall Cluster

You must activate the new configuration to finish converting a Single Firewall element to a Firewall Cluster element.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. If any external device uses the firewall as a default gateway or VPN endpoint, and the IP address it previously used is converted to an NDI (Node Dedicated IP Address), reconfigure the external equipment to reference a CVI (Cluster Virtual IP Address) instead.
  2. Run the NGFW Configuration Wizard on the command line (sg-reconfigure) or in a web browser.
  3. Make sure the interface IDs are mapped to the correct network ports on the hardware.
  4. Make initial contact between the NGFW Engine nodes and the Management Server.

    Install and configure any new NGFW Engine nodes as part of the cluster in the same way as in a new installation. See the Forcepoint Next Generation Firewall Installation Guide.
  5. Install the policy on the cluster.

    If any new nodes have not yet been initialized, set the inactive nodes to disabled before you refresh the policy of the existing node. Otherwise, the policy installation fails due to a lack of connectivity to all nodes.

Next steps

If there are problems with the clustered configuration, you can return to single-node operation. To do so, command one node offline through the right-click menu or through the command line.