WatchGuard - High Availability Cluster Configuration

Cluster Configuration 

To configure a cluster, you must ensure that the "Trusted" network and any VLANs are configured. Both WatchGuard firewalls must also be on the same firmware version.

It is advised that the firewall that will act as the "backup node" has been through the initial setup wizard and obtained its licensing. Once this has been achieved, the firewall must be factory reset in order for the cluster to be built.

Please note that, by default, the last port on the WatchGuard is used for cluster communication.

Step 1 - Use Policy Manager

Check the box "Enable FireCluster" and then select "Enable Active/Passive cluster"

Select the "Primary Cluster Interface" and the "Interface for Management IP Address"

Step 2 - Configure Cluster IP on Master

Select the Members tab and click on the Master Firewall

Next, enter the Primary Cluster IP Address. It is recommended to use 169.254.X.1/24 for the primary interface IP, where X is the interface number on the firewall.

Enter the "Management" IP Address that the firewalls will use to communicate with one another.

Step 3 - Configure Cluster IP on Backup unit

Using Policy Manager, select the second firewall.

Next, enter the Primary Cluster IP Address. It is recommended to use 169.254.X.2/24 for the primary interface IP, where X is the interface number on the firewall.

Enter the "Management" IP Address that the firewalls will use to communicate with one another.

Step 4 - Obtain Feature Key

We need to obtain the feature key of the backup firewall from the WatchGuard portal the firewall was registered to.

Log in to the WatchGuard portal the firewall was registered to and select "Support Centre" > "My WatchGuard" > "Manage Products" > select the Serial Number of the Backup Unit > "Get your feature key".

Copy the text from the pop-up window as we will need this next.

Step 5 - Enter Feature Key on the second firewall

Select Feature Key and then click Import

This will then open a pop-up window where you can paste the key and click OK.

Step 6 - Force the Cluster to join 

Open WatchGuard System Manager and select the Cluster, then right-click and select "Firebox System Manager".

Open Tools > Cluster > Discover Member.

This will then force the master unit to look for the backup cluster node.

*** NOTE ***

If you are configuring the firewalls offline, you will need to connect the interfaces where the Management IP Address resides to one another so that the cluster forms.
