ClusterXL and SMB devices

Document created by Günther W. Albrecht on Feb 19, 2018
Version 1Show Document
  • View in full screen mode

Using ClusterXL with SMB units is easy - the secondary cluster member syncs with the configuration details from the active node after setup. Only HA Clustering is supported, and also some other details are different when compared to GAiA devices:


  • On locally managed SMB clusters, you have to use the Advanced Settings for special cluster parameters:
    Attribute NameTypeValueDescription
    Cluster - Use virtual MACboolfalseIndicates if a virtual MAC address will be used by all cluster members to allow a quicker failover by the network's switch
    NAT - Perform cluster hide foldboolfalseIndicates if local IP addresses will be hidden behind the cluster IP address when applicable
    VPN Site to Site global settings - Cluster SA sync packets thresholdlong200000Sync SA with other cluster members when packets number reaches this threshold
    VPN Site to Site global settings - Use cluster IP address for IKEbooltrueIndicates if IKE is performed using cluster IP address (when applicable)


  • sk111854 1400/1100/1200R/700/600 ClusterXL does not fail-back to Primary member

For the Primary cluster member to resume handling the traffic of a SMB cluster, a manual fail-over must take place. Connect to the WebUI of the Secondary (Currently Active) cluster member, browse to: Device > High Availability > Force Member Down.


  • sk20576 How to set ClusterXL Control Protocol (CCP) in Broadcast / Multicast mode in ClusterXL

On cluster members, a cphaconf set_ccp multicast will change ClusterXL to Multicast mode. This does also work on SMB clusters, but will not survive a reboot - see also a cat $FWDIR/boot/ha_boot.conf ! We can not write to ha_boot.conf but have to use userScript.


On the 1400/1100/1200R/700/600 appliance, go to /pfrm2.0/etc/ directory:

[Expert@Appliance]# cd /pfrm2.0/etc/

Create the special file:

[Expert@Appliance]# touch userScript

(Note: the name contains Captial 'S'.)

Edit the file in Vi editor:

[Expert@Appliance]# vi userScript

userScript must be in shell script format:


Add the full path to the command 'cphaconf':

/opt/fw1/bin/cphaconf set_ccp broadcast


/opt/fw1/bin/cphaconf set_ccp multicast

Set the file permissions:

[Expert@Appliance]# chmod 777 userScript

Reboot the appliance and check CCP mode:

[Expert@Appliance]# cphaprob -a if

  • sk113039 SMB ClusterXL and VPN HA do not work upon Cluster-failover

This is important for configuration of a VPN between a locally managed cluster and a single SMB GW.

3 people found this helpful