Using ClusterXL with SMB units is easy - the secondary cluster member syncs with the configuration details from the active node after setup. Only HA Clustering is supported, and also some other details are different when compared to GAiA devices:
- On locally managed SMB clusters, you have to use the Advanced Settings for special cluster parameters:
Attribute Name Type Value Description Cluster - Use virtual MAC bool false Indicates if a virtual MAC address will be used by all cluster members to allow a quicker failover by the network's switch NAT - Perform cluster hide fold bool false Indicates if local IP addresses will be hidden behind the cluster IP address when applicable VPN Site to Site global settings - Cluster SA sync packets threshold long 200000 Sync SA with other cluster members when packets number reaches this threshold VPN Site to Site global settings - Use cluster IP address for IKE bool true Indicates if IKE is performed using cluster IP address (when applicable)
- sk111854 1400/1100/1200R/700/600 ClusterXL does not fail-back to Primary member
For the Primary cluster member to resume handling the traffic of a SMB cluster, a manual fail-over must take place. Connect to the WebUI of the Secondary (Currently Active) cluster member, browse to: Device > High Availability > Force Member Down.
- sk20576 How to set ClusterXL Control Protocol (CCP) in Broadcast / Multicast mode in ClusterXL
On cluster members, a cphaconf set_ccp multicast will change ClusterXL to Multicast mode. This does also work on SMB clusters, but will not survive a reboot - see also a cat $FWDIR/boot/ha_boot.conf ! We can not write to ha_boot.conf but have to use userScript.
On the 1400/1100/1200R/700/600 appliance, go to /pfrm2.0/etc/ directory:
[Expert@Appliance]# cd /pfrm2.0/etc/
Create the special file:
[Expert@Appliance]# touch userScript
(Note: the name contains Captial 'S'.)
Edit the file in Vi editor:
[Expert@Appliance]# vi userScript
userScript must be in shell script format:
Add the full path to the command 'cphaconf':
/opt/fw1/bin/cphaconf set_ccp broadcast
/opt/fw1/bin/cphaconf set_ccp multicast
Set the file permissions:
[Expert@Appliance]# chmod 777 userScript
Reboot the appliance and check CCP mode:
[Expert@Appliance]# cphaprob -a if
- sk113039 SMB ClusterXL and VPN HA do not work upon Cluster-failover
This is important for configuration of a VPN between a locally managed cluster and a single SMB GW.