In Part 1 we got the prerequisites sorted out for the HA (removed all PPPoE or DHCP address assignment from the FG boxes and VLANed a switch to split the inputs between both boxes).
Part 2 is considerably easier. The cabling had already been done for the VLANs, so now we had to designate 2x ports as our cluster comms ports. I chose
port2 on each box, each given a weight of
Next we configure the cluster and the weighting of each box in it. We wanted to run ours in Active/Active with session pickup, and to reserve port3 for managing the units individually, as you can see from the above settings.
The process of bringing up the cluster goes like so:
- Backup your master config (the one you want to run on the firewalls)
- Set the master unit to have a higher priority – I set ours to 255 and the other to 0
- Shut down both units
- Plug in
fw-band the same with
- Power on the master unit and allow it to boot fully
- Power on the slave unit and allow it to boot
- Log into the web interface of the firewall and check to see if the cluster is up as below
You can view stats on the cluster by going to System -> Config -> HA and clicking View HA Statistics; here you can view session distribution etc.
And that’s it, your firewalls are now running Active/Active HA, load sharing, redundancy, the whole lot!
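A pre-flight check for the bring-up steps above, as an added example that is not from the original post: it compares the `config system ha` blocks of the two units' config backups against the setup described here (Active/Active, session pickup, port2 heartbeat, port3 management, higher priority on the master) before the units are shut down and cabled. The function names, the group name `example-cluster` and the heartbeat weight `50` are constructed for illustration, and the parser assumes an HA block with no nested sub-blocks.

```python
# Added example: constructed HA blocks, not taken from the post's firewalls.
MASTER = """config system ha
    set group-name "example-cluster"
    set mode a-a
    set hbdev "port2" 50
    set session-pickup enable
    set ha-mgmt-status enable
    set ha-mgmt-interface "port3"
    set priority 255
end"""
SLAVE = MASTER.replace("set priority 255", "set priority 0")

# Settings the two units should share before they are cabled together.
MUST_MATCH = ("group-name", "mode", "hbdev")

def parse_ha(config_text):
    """Return the 'set' lines of the 'config system ha' block as a dict."""
    settings, in_block = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system ha":
            in_block = True
        elif in_block and line == "end":
            break
        elif in_block and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            settings[key] = value.replace('"', "").strip()
    return settings

def check_pair(master_cfg, slave_cfg):
    """List deviations from the setup the post describes; empty list means OK."""
    m, s = parse_ha(master_cfg), parse_ha(slave_cfg)
    problems = [f"{k} differs: {m.get(k)!r} vs {s.get(k)!r}"
                for k in MUST_MATCH if m.get(k) != s.get(k)]
    if m.get("mode") != "a-a":
        problems.append("master is not in Active/Active (a-a) mode")
    if m.get("session-pickup") != "enable":
        problems.append("session pickup is not enabled on master")
    if "port2" not in m.get("hbdev", "").split():
        problems.append("port2 is not a heartbeat interface on master")
    if m.get("ha-mgmt-interface") != "port3":
        problems.append("port3 is not the reserved management interface")
    # 128 is the FortiOS default priority when the line is absent.
    if int(m.get("priority", 128)) <= int(s.get("priority", 128)):
        problems.append("master priority is not higher than slave priority")
    return problems

if __name__ == "__main__":
    for problem in check_pair(MASTER, SLAVE) or ["HA settings are consistent"]:
        print(problem)
```

The HA password is left out of the comparison because a backup stores it in encrypted form, which need not be byte-identical between units.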