Creating a cluster across the network
Hi,
We currently have two M370 fireboxes that are located next to each other with a single ethernet cable connecting the cluster interfaces.
We wish to move one of the fireboxes into a different server room at the other end of the premises but still wish for them operate as a cluster.
I have found the following advice (from: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/ha/cluster_hardware_setup_wsm.html
)
"We recommend that you do not use a switch between each member for the cluster interfaces. If you do use a switch between cluster interfaces, the cluster interfaces must be logically separated from each other on different VLANs."
However, is this worded correctly? Surely it means that the cluster interfaces must be connected by their own VLAN, separate from all other interfaces? Because otherwise how would the fireboxes communicate across the cluster interfaces?
Many thanks,
Ross
Comments
Hi @RossAppleby
The cluster interfaces are the crossover cables that go between the firewalls. Those must be connected from one firewall directly to the other.
The other interfaces (External, Trusted, Optional, Custom) will be connected to whatever equipment or switch you need to use it with.
So long as the length of cable between the firewalls does not cause any additional latency, this type of setup will usually work. The most common pitfall customers run into is when plugging into different switches, the switches do not want to allow the MAC sharing between the firewalls. Be sure to test failover between the members to ensure this is working should you decide to do this.
-James Carson
WatchGuard Customer Support
In my opinion, this older picture is a much better representation of what's going on:
http://www.watchguard.com/help/docs/fireware/12/en-us/Content/en-US/ha/images/wsm_fc_diagram_simple.jpg
-James Carson
WatchGuard Customer Support
Hi James,
Many thanks for your responses, it has helped to clarify the best way to take this project forward.
Regards,
Ross.