You can configure an HA pair of firewalls from scratch within the Configuration Tree of the Control Center. To do this, two new firewalls must be 'virtually' created in the Control Center's configuration tree. Then, the configuration data of these two firewalls must be transferred to the real-world firewalls.
When configuring a CC-managed HA pair, the secondary firewall receives its configuration through the primary firewall. For a better overview and management of both firewalls, only the primary firewall is displayed in the Control Center’s configuration tree. Each change made on the primary firewall is immediately propagated to the configured secondary firewall.
On the Control Center's Status Map, both the primary and the secondary firewall are displayed as soon as the configuration for both firewalls is completed.
Before You Begin
- Ensure that a range and a cluster are configured where the primary and secondary firewalls are going to be configured.
- Ensure that the firewall types of the HA pair configuration conform to the model type of your real firewalls.
- Ensure that both stand-alone firewalls are running firmware version 8.0.1.
Step 1. Create the Configuration for the Primary Firewall in the Configuration Tree
Log into your Control Center.
- Go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes
- Right-click Boxes.
- From the list, select Create Box...
- The Wizard window is displayed.
- Enter the name for the primary firewall.
- For OS Platform, select CloudGen Firewall.
- For Product Type, select the same product type as your real-world firewall.
- Click Finish.
- Click Activate.
Step 2. Create the Secondary Firewall
The configuration node for the secondary HA firewall must be created within the Configuration Tree. When you do this, the two nodes Properties and Network are each replaced by a new node with the same name that also includes the edit fields for the secondary firewall.
- Go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes > your box.
- Right-click Box and select Create Secondary Box.
- The Box Properties and Network nodes are replaced by a new node, each suitable for an HA configuration.
- Open the Network page.
- Enter the Management IP (MIP) for the secondary firewall. The MIPs of the HA pair must be in the same subnet.
- Click Send Changes and Activate.
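A pre-flight check for the values entered so far, covering the "Before You Begin" prerequisites and the same-subnet rule for the two MIPs. This is an added example, not part of the original documentation or any Barracuda tooling; the `PlannedBox` record, the `preflight` function, the sample addresses and the model strings are all constructed for illustration, and comparing product type to model as plain strings is an assumption.

```python
import ipaddress
from dataclasses import dataclass

REQUIRED_FIRMWARE = "8.0.1"  # version named under "Before You Begin"

@dataclass
class PlannedBox:            # hypothetical record, one per firewall
    role: str                # "primary" or "secondary"
    mip: str                 # management IP with prefix, e.g. "10.0.10.11/24"
    firmware: str            # firmware on the real stand-alone firewall
    cc_product_type: str     # Product Type chosen in the Create Box wizard
    hw_model: str            # model of the real firewall

def preflight(primary, secondary):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    for box in (primary, secondary):
        if box.firmware != REQUIRED_FIRMWARE:
            problems.append(f"{box.role}: firmware {box.firmware} is not {REQUIRED_FIRMWARE}")
        # Assumption: product type and model are compared as plain strings.
        if box.cc_product_type != box.hw_model:
            problems.append(f"{box.role}: product type {box.cc_product_type} != model {box.hw_model}")
    try:
        p = ipaddress.ip_interface(primary.mip)
        s = ipaddress.ip_interface(secondary.mip)
    except ValueError as exc:
        return problems + [f"invalid MIP: {exc}"]
    if p.network != s.network:
        problems.append(f"MIPs are in different subnets: {p.network} vs {s.network}")
    elif p.ip == s.ip:
        problems.append(f"both firewalls use the same MIP {p.ip}")
    for box, iface in ((primary, p), (secondary, s)):
        net = iface.network
        # Network and broadcast addresses are not usable host addresses
        # (point-to-point /31 and /32 prefixes are exempt).
        if net.prefixlen < net.max_prefixlen - 1 and iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{box.role}: MIP {iface.ip} is not a host address in {net}")
    return problems

if __name__ == "__main__":
    # Constructed sample plan: the secondary MIP sits in a different subnet.
    plan = (PlannedBox("primary", "10.0.10.11/24", "8.0.1", "model-x", "model-x"),
            PlannedBox("secondary", "10.0.11.12/24", "8.0.1", "model-x", "model-x"))
    for line in preflight(*plan) or ["plan is consistent"]:
        print(line)
```
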
Step 3. Create the PAR File for the Primary Firewall
The new configuration in the Network node must be propagated to the primary firewall.
- Go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes > your box.
- Right-click Box and select Create PAR file for box…
- Save the PAR file for the primary firewall.
Step 4. Import the PAR File into the Primary Firewall
Log into your stand-alone firewall that must be turned into the primary firewall.
- Go to CONFIGURATION > Configuration Tree > Box.
- Right-click Box and select Restore from PAR file.
- Click OK.
- Select the PAR file that you already created for your primary firewall and click OK.
- Click Activate.
Step 5. Activate the New Network Configuration for the Primary Firewall
- On the primary firewall, go to CONTROL > Box.
- In the left navigation pane, expand Network and click Activate new network configuration.
- Select Failsafe as the activation mode.
- In the left menu, expand Operating System and click Reboot Box.
Step 6. Create the PAR File for the Secondary Firewall
The new configuration in the Network node must also be propagated to the secondary firewall.
- On the Control Center, go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes > your box.
- Right-click Box and select Create PAR file for box…
- Save the PAR file for the secondary firewall.
Step 7. Import the PAR File into the Secondary Firewall
Log into your stand-alone firewall that must be turned into the secondary firewall.
- Go to CONFIGURATION > Configuration Tree > Box.
- Right-click Box and select Restore from PAR file.
- Click OK.
- Select the PAR file that you already created for your secondary firewall and click OK.
- Click Activate.
Step 8. Activate the New Network Configuration for the Secondary Firewall
- On the secondary firewall, go to CONTROL > Box.
- In the left navigation pane, expand Network and click Activate new network configuration.
- Select Failsafe as the activation mode.
- In the left menu, expand Operating System and click Reboot Box.
Step 9. Verify the Configuration Change in the Control Center
On the Control Center, both the primary and the secondary firewall will be displayed in the Status Map after a successful reboot.
- On the Control Center, go to CONTROL > Status Map.
- Verify that both the primary and the secondary firewall are displayed in the Status Map.
Step 10. Verify that the Primary and Secondary Firewall are Managed by the Control Center
- In Firewall Admin, double-click the name of the primary and/or secondary firewall.
- Firewall Admin connects to the firewall and displays the configuration window.
- Go to CONFIGURATION > Configuration Tree.
Verify that the top entry of the configuration tree displays the name HA Cluster (Primary / Secondary)(Managed by Control Center).
[Screenshots: Configuration Tree Primary Firewall; Configuration Tree Secondary Firewall]