The following section documents common issues that you might encounter with FireCluster and provides details on how to address those issues.
When you enable FireCluster or use the Discover Member command in Firebox System Manager to discover a new member, the cluster master uses the configured cluster interface to discover the backup master. If the cluster master does not discover the other member, make sure the two cluster members are the same Firebox model, and run the same Fireware version.
You might receive an error message in Firebox System Manager for the active cluster member that "The cluster members are running different Fireware OS versions", even if the Fireware versions of the members are the same. This occurs because the cluster members are not synchronized with each other. Check your connections, and use the Discover Member command again to establish the connection.
To eliminate the FireCluster as a factor, you can temporarily disable FireCluster in the configuration.
- Create a FireCluster Backup Image of your cluster master device.
- Power off the backup master.
- On the cluster master device, clear the Enable FireCluster check box.
If there is no change, it is unlikely that this issue is related to your FireCluster configuration. You might need to examine the physical or logical architecture of your network. To learn more about FireCluster network architecture, go to FireCluster.
When you disable the FireCluster, the backup master restarts with factory-default settings. To get the FireCluster back up, you must restore the backup image and then power on the other cluster member. If you neglect to perform this step, the other cluster member attempts to become the master again once it is powered back on, and you will have two Fireboxes with the same configuration and no clusters.
In a FireCluster, a health metric, called the Weighted Average Index indicates the health of each member. This index measures the status of monitored ports, processes, and hardware. If the Weighted Average Index of the backup master is lower than on the cluster master, failover cannot occur. To see the Weighted Average Index and other health information for each cluster member, you can look at the Cluster Health Section of the Status Report.
If the Weighted Average Index for one member is lower, look at the other contributing indexes to determine whether that device has a possible hardware, software, or connectivity issue. For more information about the health indexes, go to Monitor Cluster Health.
When you configure a FireCluster, you designate a Management IP address for each cluster member. If you cannot connect to a specific FireCluster member, make sure your management computer has a route to the Management IP address for that cluster member. For more information, go to About FireCluster Management IP Addresses.