Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
marcinw
Contributor

ClusterXL policy synchronization, nat, IPS

Hi

 

I am wondering how policy synchornization proceeds between cluster members ? Assuming I have a firewall that is being  use for years and has a lot of configured access policies, NAT rules, IPS etc. and at some stage I would like to add 2nd firewall and configure ClusterXL. Question is , will be this policy installed automatically on Cluster object ? If yes is there any way that it has to be done for example older fw with policies need to has a higher priority or it can be done only manually by adding Cluster object to manage in "manage policies" ?

0 Kudos
2 Replies
Bob_Zimmerman
Authority
Authority

The first major question is whether the system you have is a "standalone" (firewall and management server in one system) or just a firewall. Run 'fw stat' and 'fwm ver'. What do they return?

0 Kudos
the_rock
Legend
Legend

@Bob_Zimmerman makes a very good point. IF its standalone, then you could introduce whats called Full HA, which is essentially 2 standalone devices in a cluster. Then, you would have 2 gateways and 2 mgmt servers in a cluster...personally, not something I would recommend, as I always found when it works, works 100% great, but when it breaks, good luck fixing it : - ). Now, if your device is just a gateway, then you can introduce a new gateway to be part of a cluster. Just run commands he gave and you will confirm for sure. 

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events