Related Topics
Restore a FireCluster Backup Image
When you save the backup image of a FireCluster to a file, you can later restore that image to both cluster members to return the cluster to a known state. To restore a FireCluster backup image, you must restore the image to each cluster member one at a time. As part of the restore procedure, you make cluster members leave the cluster temporarily. When a member leaves the cluster, it remains a member, but the cluster member status changes to standby.
When you restore a backup image, you must use the cluster Management IP address to connect to each cluster member. All other interfaces on the device are inactive until the final step when the backup master rejoins the cluster.
You must connect to the cluster from a workstation that is on the same subnet as the cluster Management IP address. If the Management IP address is a public, routable IP address, you can also connect through the Internet.
For more information about the cluster Management IP address, see About FireCluster Management IP Addresses.
You can use WatchGuard System Manager or Fireware Web UI to restore a backup image to members of a FireCluster. If you use Fireware Web UI, you must use Firebox System Manager to rejoin the members to the cluster after you restore the backup image to each member.
In WatchGuard System Manager, you can use Policy Manager and Firebox System Manager to restore the backup image to the cluster members.
Make the Backup Master Leave the Cluster
- In WatchGuard System Manager, use the FireCluster Management IP address to connect to the backup master.
- Start Firebox System Manager for the backup master.
- Select Tools > Cluster > Leave.
The backup master leaves the cluster and reboots.
Do not make configuration changes to the cluster master after the backup master has left the cluster.
Restore the Backup Image to the Backup Master
- In WatchGuard System Manager, use the FireCluster Management IP address to connect to the backup master.
- Start Policy Manager for the backup master.
- Select File > Restore to restore the backup image.
The device restarts with the restored configuration.
For more information, see Restore a Firebox Backup Image.
Restore the Backup Image to the Cluster Master
- In WatchGuard System Manager, use the interface for management IP address to connect to the cluster master.
- Start Policy Manager for the cluster master.
- Select File > Restore to restore the backup image.
The device restarts with the restored configuration.
For more information, see Restore a Firebox Backup Image.
- In WatchGuard System Manager, use the interface for management IP address to connect to the cluster master.
If the backup image you restored has a different interface for management IP address for this cluster member or a different passphrase, use the interface for management IP and passphrase from the backup image to reconnect to the device.
Make the Backup Master Rejoin the Cluster
- In WatchGuard System Manager, use the management IP address to connect to the backup master.
If the backup image you restored has a different interface for management IP address for this cluster member or a different passphrase, use the interface for management IP and passphrase from the backup image to reconnect to the device.
- Start Firebox System Manager for the backup master.
- Select Tools > Cluster > Join.
The backup master reboots and rejoins the cluster.
You can use Fireware Web UI to restore a backup image to each cluster member. You must use Firebox System Manager to rejoin each member to the cluster.
Restore the Backup Image to each Cluster Member
To restore the backup image to a cluster member, in Fireware Web UI:
- Use the FireCluster Management IP address to connect to the Fireware Web UI of one cluster member.
You can restore the backup image to either cluster member first. - Select System > Restore Image.
- Click Leave Cluster and Reboot.
The cluster member reboots in standby status. After the reboot, the other member is the cluster master. - Use the cluster management IP address for the cluster member to log back into the Web UI.
In the Web UI, the Firebox does not appear to be a cluster member. - Select System > Restore Image.
- Click Browse.
- Select the location and file name of the saved backup image file created for this device. Click Open.
- In the Encryption Key text box, type the encryption key for the saved backup image you selected.
- Click Restore.
The device restores the backup image. It restarts and uses the backup image.
For more information, see Restore a Firebox Backup Image.
Use the Management IP address of the second member to connect to the Web UI and repeat these steps to restore the same backup image to the second member.
For best results, we recommend that you use the same procedure to restore the backup image to both cluster members. But because the first member is in standby status, you can optionally skip steps 3 and 4 when you restore the backup image to the second cluster member.
Rejoin the Members to the Cluster
After you restore the backup image to each cluster member, use Firebox System Manager to rejoin each member to the cluster.
- In WatchGuard System Manager, use the Management IP address to connect to one cluster member.
The cluster member status is standby.
If the backup image you restored has a different interface for management IP address for this cluster member or a different passphrase, use the interface for management IP and passphrase from the backup image to reconnect to the device.
- Start Firebox System Manager for the cluster member.
- Select Tools > Cluster > Join.
The cluster member reboots and rejoins the cluster.
Repeat these steps with the Management IP address of the second cluster member to rejoin the second member to the cluster.