Configure Link Aggregation for a Locally-Managed FireCluster

A link aggregation (LA) interface is a group of physical interfaces that you configure to work together as a single logical interface. You can only configure a link aggregation interface on a locally-managed Firebox configured in mixed routing mode.

This example describes how to configure two link aggregation interfaces for an active/passive FireCluster and describes how to configure link aggregation groups on the connected switches. Link aggregation is supported only for an active/passive FireCluster.

For information on how to configure link aggregation on a cloud-managed FireCluster, go to Configure Link Aggregation for a FireCluster in WatchGuard Cloud.

Network diagram of a FireCluster with an internal and external LA interface

In this example:

  • Interfaces 0 and 1 are members of an external link aggregation interface that connects to the Internet.
  • Interfaces 2 and 3 are members of an internal link aggregation interface that connects to the trusted network.
  • Each connected switch is configured with two link aggregation groups, one for each group of interfaces that connect to each cluster member.

Configure Link Aggregation Interfaces

Add two link aggregation interfaces with physical interfaces as members. You can configure each link aggregation interface in Static or Dynamic (802.3ad) mode. In this example, each link aggregation interface has two physical interface members.

  • Interfaces 0 and 1 are members of LA-External
  • Interfaces 2 and 3 are members of LA-Trusted

Screenshot of the Network Configuration dialog box.

Configure the FireCluster Management Interface

To manage this FireCluster from the trusted network, configure the FireCluster management interface to use the trusted link aggregation interface.

  1. Set the cluster interface to the trusted link aggregation interface.
    In this example, the interface is LA-Trusted.

Screenshot of the FireCluster Configuration dialog box.

  2. For each cluster member, set the Management IP addresses to an IP address on the subnet of the trusted link aggregation interface.
    In this example, the IP address of LA-Trusted is 10.0.100.1/24, and so the management IP addresses are also on the 10.0.100.0/24 subnet.

Screenshot of the FireCluster Configuration dialog box.

Configure Connected Switches

On each connected switch, configure separate link aggregation groups for the ports that connect to each cluster member.

To configure the switch for the external link aggregation interface members:

  1. Connect interfaces 0 and 1 of each cluster member to a switch between the FireCluster and the Internet.
  2. On the switch, configure two link aggregation groups, one for the ports that connect to Member1 and one for the ports that connect to Member2.

To configure the switch for the trusted link aggregation interface members:

  1. Connect interfaces 2 and 3 of each cluster member to a switch between the FireCluster and the trusted network.
  2. On the switch, configure two link aggregation groups, one for the ports that connect to Member1 and one for the ports that connect to Member2.
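
The following pre-deployment check is an added example, not WatchGuard code. It validates a planned cabling and switch LAG layout against the rules in this topic: one switch link aggregation group per cluster member per LA interface, and management IP addresses on the LA-Trusted subnet. The switch names, LAG names, and management IP addresses are constructed sample values; only the interface numbers and 10.0.100.1/24 come from this example.

```python
import ipaddress
from collections import defaultdict

# LA interface membership and LA-Trusted address from the example on this page.
LA_MEMBERS = {"LA-External": {0, 1}, "LA-Trusted": {2, 3}}
LA_TRUSTED_IP = "10.0.100.1/24"

# Constructed sample plan: (cluster member, Firebox interface, switch, LAG on that switch).
# Switch names, LAG names and management IPs are hypothetical.
CABLING = [
    ("Member1", 0, "sw-ext", "lag1"), ("Member1", 1, "sw-ext", "lag1"),
    ("Member2", 0, "sw-ext", "lag2"), ("Member2", 1, "sw-ext", "lag2"),
    ("Member1", 2, "sw-int", "lag1"), ("Member1", 3, "sw-int", "lag1"),
    ("Member2", 2, "sw-int", "lag2"), ("Member2", 3, "sw-int", "lag2"),
]
MGMT_IPS = {"Member1": "10.0.100.2", "Member2": "10.0.100.3"}


def check_plan(cabling, mgmt_ips, la_members=LA_MEMBERS, trusted_ip=LA_TRUSTED_IP):
    """Return a list of problems; an empty list means the plan matches the layout."""
    problems = []
    if_to_la = {i: la for la, ifs in la_members.items() for i in ifs}
    lag_owners = defaultdict(set)   # (switch, lag) -> {(member, LA interface)}
    owner_lags = defaultdict(set)   # (member, LA interface) -> {(switch, lag)}
    for member, ifnum, switch, lag in cabling:
        la = if_to_la.get(ifnum)
        if la is None:
            problems.append(f"{member} interface {ifnum} is not in any LA interface")
            continue
        lag_owners[(switch, lag)].add((member, la))
        owner_lags[(member, la)].add((switch, lag))
    # A switch LAG must carry the ports of exactly one cluster member's LA interface.
    for (switch, lag), owners in sorted(lag_owners.items()):
        if len(owners) > 1:
            names = ", ".join(f"{m}/{la}" for m, la in sorted(owners))
            problems.append(f"{switch} {lag} mixes ports from: {names}")
    # All ports of one member's LA interface must land in the same switch LAG.
    for (member, la), lags in sorted(owner_lags.items()):
        if len(lags) > 1:
            problems.append(f"{member} {la} is split across {len(lags)} switch LAGs")
    # Management IPs must be on the trusted LA interface's subnet.
    net = ipaddress.ip_interface(trusted_ip).network
    for member, ip in sorted(mgmt_ips.items()):
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{member} management IP {ip} is outside {net}")
    return problems


if __name__ == "__main__":
    for line in check_plan(CABLING, MGMT_IPS) or ["plan OK"]:
        print(line)
```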
