Building Firecluster retrospectively with one existing node already active
We have a single M370 Firebox currently in service and have purchased a second M370 to make a cluster. Are there any simple instructions on how to create the cluster using the config on the existing in-service node as is (apart from adding some cluster interfaces to go between the fireboxes)?
...or am I going to have to rebuild the cluster from scratch? (using Policy Manager - which we don't use currently)
Just wondered if anyone had any experience of building the cluster retrospectively like this?
Thanks
Answers
Hi @GrahamD
All fireclusters start out with just one member configured, so you're absolutely fine. The only device that will need to be reset is the new one you're adding -- to make it discoverable.
Please see the quick start guide here:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/ha/cluster_quick_start.html
There's also a video here:
https://www.watchguard.com/help/video-tutorials/Firecluster/FireCluster.mp4
-James Carson
WatchGuard Customer Support
Hi James,
Thanks for the reply. So the backup firebox presumably assumes the IP addresses of all the Primary box interfaces (outside of the configured cluster communication interfaces which are unique to each firebox) when it does failover?
That makes things easier - I thought I might have to make cluster IPs for all interfaces that can move between boxes - which would have meant I had to re-IP the current active firebox.
Thanks
Graham
Yes,
If you're looking to use Active/Backup mode, they actually share a MAC address across the two devices as well (the master unit is just the one that replies to traffic). Most customers use active/backup due to the licensing advantages, and having a fully operational network if one unit were to go down.
If you're looking to use Active/Active mode, there are some extra switch requirements for multicast MAC that need to be set up.
-James Carson
WatchGuard Customer Support