ZakMeadows
Explorer

Cluster behaviour

I have a couple of questions that need answering:

So if the 6600 cluster firewalls aren't able to reach the management server in the other datacentre, what will happen? Will they still be able to route traffic and essentially just become a router without cluster configuration and firewall policy? I pushed the policy that will be used when I was building the firewalls, so if the management server isn't contactable, will this policy still be active and usable?

Another scenario: if we are able to get the firewall to communicate with the management server so that it can install all the policy and form the cluster, and the server were to go down for some unknown reason, what will happen to the HA cluster? Will the cluster not be formed anymore? Will the firewalls not be able to transit data? What would be the impact of that scenario? Or would live traffic not be affected?

Jim

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

A gateway, whether or not it’s a cluster, will use the last successfully installed policy UNLESS you don’t have a valid license.
Clustering works on the same principle: it’s generally unaffected by the management not being available.
Two notable exceptions:

  • Logs will be stored in the relevant gateway until the management or log server comes back online.
  • If you are doing any VPNs using certificate-based authentication with the Internal CA, expect these VPNs to fail after about 24 hours as the CRL points to the management server.


0 Kudos
4 Replies
just13pro
Collaborator

To answer your other question about Firewall HA.

If one of the FWs is down, the other member will take over; that is the reason for HA, and live traffic will not be affected unless both devices are down.

0 Kudos
ZakMeadows
Explorer

Hi,

I am asking: if the management server were to go down, will this affect anything to do with how the cluster acts?

Kind Regards,
Zak

0 Kudos
just13pro
Collaborator

Nope, it will not

0 Kudos
