The following three steps are required to connect a high availability cluster to the SMC server:
- In the SMC server web interface, select Monitoring > Firewalls and click Create a firewall. The new firewall stands for the cluster; you do not need to declare both nodes of the cluster.
- Complete the cluster properties. The Firewall name, Description and Location fields are for information only and have no impact on the configuration.
  - For more information on the VPN contact address, refer to the section Defining the contact IP address of firewalls for VPN topologies.
  - For more information on the VPN output interface, refer to the section Selecting the output interface of firewalls for VPN topologies.
- Select the folder in which you wish to organize the cluster. Folders are created in the Configuration > Firewalls and folders menu on the left. For more information, please refer to the section Organizing firewalls by folders.
- In the same window, select Generate the connecting package to generate the package while adding the new firewall. This connecting package will have to be installed on the firewall to connect to the SMC server.
You can build the package later, by editing the firewall in the Firewalls menu.
- Click on Create.
- In the Generating the connecting package panel, click on Next then select This firewall is already in production.
- On the next panel, select the version of the firewall, then verify and, if necessary, edit the information used to connect to the SMC server:
  - IP address or FQDN to reach: the firewall connects to this address to reach the SMC server. Depending on the network topology, it is either the SMC server IP address or an external IP address reachable by the firewall and redirected towards the SMC server through a destination translation.
  - Public port number: the firewall connects to this port to reach the SMC server. Depending on the network topology, it is either the SMC server port (1754 by default) or an external port reachable by the firewall and redirected towards the SMC server port through a destination translation.
  - For firewalls in version 3.3.0 and upwards, you can set up to ten addresses or FQDNs to contact the SMC server, in order of priority. The firewall browses the addresses from 1 to 10 and connects to the SMC server through the first reachable address. If the address currently in use does not have the highest priority, the firewall regularly tries to reach an address with a higher priority.
- Click Generate and download.
- Provide the connecting package to the administrator in charge of administrating the cluster on the remote site.
- Ensure the administrator:
  - connects to the web administration interface of the active node of the cluster.
  - selects the connecting package in the menu Configuration > System > Management Center of the firewall administration interface. After installing the package, the administrator can see the connection settings to the SMC server in the same menu. They are also displayed in the SMC dashboard component.
  - performs a synchronization of both nodes from the administration interface of the active node. The passive node then retrieves the configuration contained in the firewall connecting package.
- In the SMC server web interface, verify that the state of the cluster changes in the Firewalls menu. It must be "On line". The mode icon changes as well.
In case of failover, the passive node will become active and will automatically connect to the SMC server.
- To view different types of information about both nodes of the cluster, edit the cluster in the Firewalls menu and open the High availability tab.
The SMC server regularly synchronizes both nodes in the high availability clusters of firewalls that it manages. To disable this automatic synchronization, refer to the section Disabling automatic synchronization of high availability clusters.
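The contact addresses and public port entered when generating the connecting package can be checked beforehand from a host on the cluster's side of the network. The following Python script is an added example, not part of the SMC product or its documentation: the host names are constructed, and the priority-order walk is only a model of the selection described above (first reachable address, up to ten entries, port 1754 by default).

```python
import socket

SMC_DEFAULT_PORT = 1754  # default SMC server port stated on the page
MAX_CONTACTS = 10        # the page allows up to ten addresses or FQDNs


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or DNS failure
        return False


def check_contacts(contacts, probe=tcp_reachable):
    """Walk (host, port) pairs in priority order, index 0 = priority 1.

    Returns (selected, skipped): the first reachable entry as
    (priority, host, port) or None, plus the higher-priority entries
    that failed the probe.
    """
    if not 1 <= len(contacts) <= MAX_CONTACTS:
        raise ValueError("expected 1 to %d contact addresses" % MAX_CONTACTS)
    for host, port in contacts:
        if not host or not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError("invalid contact entry: %r:%r" % (host, port))
    skipped = []
    for priority, (host, port) in enumerate(contacts, start=1):
        if probe(host, port):
            return (priority, host, port), skipped
        skipped.append((priority, host, port))
    return None, skipped


if __name__ == "__main__":
    # Constructed sample values; replace with the planned package settings.
    planned = [("smc.example.net", SMC_DEFAULT_PORT), ("192.0.2.10", 1754)]
    selected, skipped = check_contacts(planned)
    for priority, host, port in skipped:
        print("priority %d unreachable: %s:%d" % (priority, host, port))
    print("first reachable contact:", selected)
```

A result of `None` means no entry answered on its port, which usually points to a missing destination translation rule or a filtered port between the cluster and the SMC server.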