Convert a Single IPS engine to an IPS Cluster

You can convert an existing Single IPS element to an IPS Cluster element.

Converting a Single IPS element to an IPS Cluster element maintains the relationship of the NGFW Engine element with other configurations in the system. The conversion requires you to select one Single IPS element to convert to an IPS Cluster.

The following limitations apply when you convert a Single IPS to an IPS Cluster:
  • It is not possible to combine two Single IPS elements into an IPS Cluster element.
  • A Single IPS engine can only be converted to a two-node IPS Cluster. If you want to add more nodes to the cluster, you must add the nodes separately after the conversion.
CAUTION:
If you change the control IP address of the existing node in this process, the connection between the NGFW Engine and the SMC is lost.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Make sure that both NGFW Engines are licensed.
    The licensing of clustered NGFW Engine nodes is done in the same way as the licensing of two Single IPS engines. All current IPS engine licenses allow clustering the nodes, so no license changes are required to activate the feature.
  2. Make sure that the NGFW Engines are running software versions that are compatible with the Security Management Center, and preferably that both NGFW Engines are running the same version.
    Although the cluster can be installed with the NGFW Engines running different software versions (unless otherwise stated in the Release Notes), long-term use with mismatched versions is not supported.
  3. If the new IPS engine you want to add to the IPS Cluster already has a working configuration from previous use, return it to the initial configuration state.
    You can do so in the NGFW Configuration Wizard (sg-reconfigure) on the command line.
    Note: Do not establish a connection with the Management Server before the IPS Cluster element is ready.
  4. Connect the network cables to the new node and power it on.
  5. Right-click the Single IPS element that you want to upgrade to an IPS Cluster, then select Configuration > Upgrade to Cluster.
  6. Browse to Interfaces > Interface Options.
  7. Define which IP addresses are used in particular roles in system communications.
  8. Click Save.
    Note: You can still close the Engine Editor without saving the changes to return to the previous configuration and undo the conversion.
  9. Make initial contact between each node and the Management Server.
    Install and configure any new NGFW Engine nodes as part of the cluster as in a new installation.
  10. Install the policy on the IPS Cluster.
    To refresh the policy of the existing node before the new nodes are initialized, disable the inactive nodes on the Clustering pane in the Engine Editor. Otherwise, the policy installation fails due to a lack of connectivity to all nodes.