Some Firebox models support user-installable interface modules. Because the number of interface modules installed on these models can vary, these models have additional FireCluster configuration requirements.
For more information about the interface modules, go to About Modular Interfaces.
Hardware Configuration Requirements
Both members of a FireCluster must be the same device model, and must have the same number and type of interface modules installed in the same slots. The cluster cannot form if the hardware configuration for both devices does not match exactly.
Both Firebox devices must also run the same version of Fireware.
Interface Connection Requirements
When the cluster is first formed, you must use a built-in interface to connect the two cluster members together. You can connect the built-in interfaces directly, or through a switch, as long as they are on the same network. When you enable FireCluster on one device, that device uses the built-in interfaces to discover the second cluster member. The cluster master cannot discover the second member through the modular interfaces, because the modular interfaces are not enabled on the second device when it is started with factory-default settings.
- On an M5600, the only built-in interface is interface 32
- On an M470, M570, M590, M670, M690, M4600, T80, and T85, the eight built-in interfaces are interfaces 0 through 7
If possible, we recommend that you select a built-in interface as the primary cluster interface. With this configuration, you directly connect the built-in interfaces of the two members, and member discovery can happen through that interface.
If you prefer to use a modular interface as the primary cluster interface, you must use the alternate FireCluster formation method that bypasses the auto-discovery process. For more information, go to Alternate FireCluster Configuration.
You must also configure a backup cluster interface that uses a built-in interface. After an upgrade or a FireCluster configuration change, the primary member uses the built-in interface to discover the secondary member. Discovery cannot occur over a modular interface. If you do not configure a backup cluster interface that uses a built-in interface, the backup member resets to factory default because the primary member cannot locate the secondary member.
Install or Remove Interface Modules for a FireCluster
When you install or remove interface modules for a FireCluster you must disconnect both members from power while you remove or install interface modules. Each Firebox automatically detects installed interface modules when you power it on.
Before you remove an interface module, you must disable the interfaces in the Firebox configuration. If an enabled interface is not installed, you cannot connect to the Firebox to modify the configuration.
Interface modules are not hot-swappable. It is important to completely disconnect the power from each Firebox before you install or remove interface modules. For complete information about interface modules and how to safely install them, see the Hardware Guide for your Firebox.
To add, remove, or replace an interface module for a FireCluster:
- Use Policy Manager to disable all interfaces on the interface module you will remove.
- In the FireCluster settings, make sure that the primary and backup cluster interfaces are not assigned to interfaces you will remove.
- Save the configuration to a file and also to the cluster master.
- If you changed the cluster interface, connect the new cluster interfaces together after you save the configuration.
- If you changed the cluster interface, make sure that the cluster has reformed after you save the configuration.
- Power off and disconnect the power from both cluster members.
- Add, remove, or replace the same interface modules to both members. Go to the Hardware Guide for your device for detailed interface module installation instructions.
- Power on both cluster members.
- Each Firebox detects the installed interfaces, and the cluster forms automatically.
After the new interface module is installed and cluster has reformed, you can update the configuration to use the newly installed interfaces.
- You can change the FireCluster primary or backup cluster interfaces to any installed modular interface. If you change the cluster interface, make sure to connect the new cluster interfaces together after you save the configuration.
- In the Network configuration settings, enable and configure any newly installed modular interfaces.
- In the FireCluster settings, you can change the management interface to any enabled interface.