You must activate the new configuration to finish converting a Single Firewall element to a Firewall Cluster element.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
If any external device uses the firewall as a default gateway or VPN endpoint and the previously used IP address is converted to
an NDI, reconfigure the external equipment to reference a CVI address.
-
Run the NGFW Configuration Wizard on the command line (sg-reconfigure) or in a web browser.
-
Make sure the interface IDs are mapped to the correct network ports on the hardware.
-
Make initial contact between the NGFW Engine nodes and the Management Server.
Install and configure any new NGFW Engine nodes as part of the cluster in the same way as in a new installation. See the Forcepoint Next Generation Firewall Installation Guide.
-
Install the policy on the cluster.
If any new nodes have not yet been initialized, set the inactive nodes to disabled before you refresh the policy of the existing node. Otherwise, the policy installation fails
due to a lack of connectivity to all nodes.
Next steps
If there are problems with the clustered configuration, you can return to single-node operation. To do so, command one node offline through the right-click menu or through the command
line.