About FireCluster Failover
Applies To: Cloud-managed Fireboxes
Each cluster member maintains state and session information at all times. When failover occurs, the packet filter connections, branch office VPN (BOVPN) tunnels, and user sessions from the failed Firebox fail over automatically to the other Firebox in the cluster.
One Firebox is the cluster master and the other Firebox is the backup master. The backup master uses the primary cluster interface to synchronize connection and session information with the cluster master.
If you configure a backup cluster interface, and if the primary cluster interface fails or is disconnected, the backup master uses the backup cluster interface to communicate with the cluster master in some cases. We recommend a backup cluster interface only if you use a switch between cluster interfaces.
The cluster master uses both the primary and backup cluster interfaces to send a heartbeat packet once per second to the backup master.
For information about backup cluster interface best practices, go to Before You Configure a Cloud-Managed FireCluster in WatchGuard Cloud.
Events that Trigger a Failover
For a cloud-managed FireCluster, these events trigger the cluster master to fail over:
Health index is too low
Each cluster member has a Weighted Average Index (WAI) that indicates the overall health of the Firebox. The WAI for a cluster member is a weighted average of the System Health Index (SHI) and Monitored Ports Health Index (MPHI) for that device. If the WAI of the cluster master is lower than the WAI of the backup master, the cluster master fails over.
The Hardware Health Index (HHI) is disabled for cloud-managed FireClusters.
For information about how to see the health index values for a FireCluster, go to Monitor FireClusters.
Lost heartbeat
The cluster master sends a heartbeat packet through the primary and backup cluster interfaces once per second. If the backup master does not receive three consecutive heartbeats from the cluster master, this triggers failover of the cluster master. The threshold for lost heartbeats is three.
Manual failover initiated
In WatchGuard Cloud, when you select Configure > Devices> Fail Over Master, you force the cluster master to fail over to the backup master.
For more information about manual failover, go to Fail Over a FireCluster in WatchGuard Cloud.
FireCluster failover is triggered when the physical interface is down or does not respond. FireCluster failover is not triggered if multi-WAN failover occurs because of a link monitor failure.
What Happens When a Failover Occurs
When cluster master fails over, the backup master becomes the cluster master. The original cluster master rejoins the cluster as the backup master. The cluster maintains all packet filter connections, branch office VPN (BOVPN) tunnels, and user sessions.
If the backup master fails, connections and sessions are not interrupted because traffic is not assigned to the backup master in an active/passive FireCluster.
Connection/Session Type | Impact of a Failover Event |
---|---|
Packet filter connections | Connections fail over to the other cluster member. |
Branch office VPN (BOVPN) tunnels | Tunnels fail over to the other cluster member. |
User sessions | Sessions fail over to the other cluster member. |
Proxy connections | Connections assigned to the failed Firebox (master or backup master) must be restarted. Connections assigned to the other Firebox are not interrupted. |
Mobile VPN with SSL | If either Firebox fails over, all sessions must be restarted. |
Mobile VPN with IKEv2 | If the cluster master fails over, all sessions must be restarted. If the backup master fails, only the sessions assigned to the backup master must be restarted. Sessions assigned to the cluster master are not interrupted. |
Monitor a FireCluster Failover
On the Device Settings page, you can see which cluster member is the cluster master. Cloud-managed FireClusters use active/passive mode only, which means only the cluster master connects to WatchGuard Cloud. The status of the cluster master is Connected. The status of the backup master is Not Connected. For more information about the Device Settings page, go to Configure Device Settings in WatchGuard Cloud.
On the Live Status > FireCluster page, you can see a list of cluster events, which includes cluster failover events. For more information about the FireCluster Live Status page, go to Monitor FireClusters.
FireCluster Failover and Subscription Services
If you enable licensed subscription services for your FireCluster, the services continue to operate after failover. For a cloud-managed FireCluster, you must enable the subscription services in the feature key for only one cluster member. The active cluster member uses the subscription services that are active in the feature key of either cluster member.
For more information about feature keys and FireCluster, go to About Feature Keys and FireCluster.
About FireCluster in WatchGuard Cloud
Manage FireCluster Logging in WatchGuard Cloud
Configure an RMA Replacement for a Cloud-Managed FireCluster Member