Step 3: Cluster’s pre-shared key and data encryption

If a cluster is being created

To secure the connection between members of the cluster, you will need to define a pre-shared key.

This key will only be used by firewalls that are joining the cluster for the first time.

Pre-shared key

Define a password/pre-shared key for your cluster.

Confirm

Confirm the password/pre-shared key that you have just entered in the previous field.

Mandatory password strength

This field indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”. You are strongly advised to use uppercase letters and special characters.

Communication between firewalls in the high availability cluster

Encrypt communication between firewalls

By default, communication between the firewalls is not encrypted, based on the principle that the link used by high availability is a dedicated link.

In some architectures, the high availability link is not dedicated. If you wish to prevent communications between cluster members from being read on such a link, they can be encrypted (with AES, for example).

WARNINGS

  1. Selecting this option can degrade the performance of your high availability cluster.
  2. Only connections, and not their contents, pass through the high availability link.

Click Next.

If a cluster exists

IP address of the firewall to contact

Enter the IP address that you defined in the wizard when the cluster was created (IP address of the main or secondary link).

Pre-shared key

Enter the password/pre-shared key that you defined in the wizard when the cluster was created.

This icon allows you to view the password in plaintext to check that it is correct.