It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Set Up a Managed High Availability Cluster from Two Stand-Alone Firewalls

  • Last updated on
Both systems that you set up in a high availability (HA) cluster must be the same model and firmware version, but do not have to be the same hardware revision. For instructions on how to configure an HA cluster using different revisions of the same appliance model, see How to Restore the High Availability Cluster Configuration after an RMA.

When configuring a CC-managed HA pair, the secondary firewall receives its configuration through the primary firewall. For a better overview and management of both firewalls, only the primary firewall is displayed in the Control Center’s configuration tree. Each change made on the primary firewall is immediately propagated to the configured secondary firewall.

On the Control Center's status map, both the primary and the secondary firewall is displayed as soon as the configuration for both firewalls is completed.

Before You Begin

  • Ensure that a range and a cluster are configured where the primary and secondary firewalls are going to be configured.
  • Ensure that both stand-alone firewalls are running firmware version 8.0.1.
  • Ensure that the management IP address (MIP) of both firewalls are in the same subnet.
Step 1. Create the PAR File for the Primary Firewall
  1. Log into the firewall that will be the future primary firewall.
  2. Go to CONFIGURATION > Configuration Tree.
  3. Right-click Box.
  4. In the list, click Create PAR file…
Step 2. Import the PAR File into the Control Center
  1. Log into the Control Center.
  2. Go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes.
  3. Right-click Boxes.
  4. In the list, click Import Box from PAR…
  5. Click Activate.
Step 3. Create the Secondary Firewall

On the Control Center, the configuration node for the secondary HA firewall must be created within the Configuration Tree. For this, the two nodes Properties and Network will be replaced by a new node with the same name that also includes the edit fields for the secondary firewall.

  1. Go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes > your box .
  2. Right-click Box and select Create Secondary Box.
    HA_create_secondary_box.png
  3. The Box Properties and Network nodes are replaced by a new node, each suitable for an HA configuration.
    HA_nodes_for_secondary_created.png
  4. Open the Network page.
  5. Enter the Management IP (MIP) for the secondary firewall. The MIPs of the HA pair must be in the same subnet.
    HA_enter_management_IP_for_secondary.png
  6. Click Send Changes and Activate.
Step 4. Create the PAR File for the Primary Firewall

The new configuration in the Network node must be propagated to the primary firewall.

  1. Go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes > your box .
  2. Right-click Box and select Create PAR file for box…
  3. Save the PAR file for the primary firewall.
Step 5. Import the PAR File into the Primary Firewall

Log into your stand-alone firewall that must be turned into the primary firewall.

  1. Go to CONFIGURATION > Configuration Tree > Box.
  2. Right-click Box and select Restore from PAR file.
  3. Click OK.
  4. Select the PAR file that you already created for your primary firewall and click OK.
  5. Click Activate.
Step 6. Activate the New Network Configuration for the Primary Firewall
  1. On the primary firewall, go to CONTROL > Box.
  2. In the left navigation pane, expand Network and click Activate new network configuration.
  3. Select Failsafe as the activation mode.
  4. In the left menu, expand Operating System and click Reboot Box.
Step 7. Create the PAR File for the Secondary Firewall

The new configuration in the Network node must be also propagated to the secondary firewall.

  1. On the Control Center, go to CONFIGURATION > Configuration Tree > Multi Range > your range > your cluster > Boxes > your box .
  2. Right-click Box and select Create PAR file for box…
  3. Save the PAR file for the secondary firewall.
Step 8. Import the PAR File into the Secondary Firewall

Log into your stand-alone firewall that must be turned into the secondary firewall.

  1. Go to CONFIGURATION > Configuration Tree > Box.
  2. Right-click Box and select Restore from PAR file.
  3. Click OK.
  4. Select the PAR file that you already created for your secondary firewall and click OK.
  5. Click Activate.
Step 9. Activate the New Network Configuration for the Secondary Firewall
  1. On the secondary firewall, go to CONTROL > Box.
  2. In the left navigation pane, expand Network and click Activate new network configuration.
  3. Select Failsafe as the activation mode.
  4. In the left menu, expand Operating System and click Reboot Box.
Step 10. Verify the Configuration Change in the Control Center

On the Control Center, both the primary and the secondary firewall will be displayed in the Status Map after a successful reboot.

  1. On the Control Center, go to CONTROL > Status Map.
  2. Verify that both the primary and the secondary firewall are displayed in the Status Map.
    verification_ha_cluster.png
Step 11. Verify that the Primary and Secondary Firewall are Managed by the Control Center
  1. In Firewall Admin, double-click the name of the primary and/or secondary firewall.
  2. Firewall Admin connects to the firewall and displays the configuration window.
  3. Go to CONFIGURATION > Configuration Tree.
  4. Verify that the top entry of the configuration tree displays the name HA Cluster (Primary / Secondary)(Managed by Control Center).

Configuration Tree Primary FirewallConfiguration Tree Secondary Firewall
HA_cluster_primary_config_tree.pngHA_cluster_secondary_config_tree.png