joinHA operation
This operation allows a firewall to join a cluster, which must already be initialized. The network interfaces dedicated to HA must be physically connected (active and passive firewalls)
In an RMA hardware return, the exchanged firewall must be removed from the cluster beforehand using the following CLI / serverd commands:
ha cluster remove serial="remote"
ha cluster activate
For more information on the syntax of these commands, refer to the CLI SERVERD Commands Reference Guide SNS v3 or CLI SERVERD Commands Reference Guide SNS v4.
The joinHA operation uses a third temporary IP address for the connection to the main firewall in the cluster.
Format
"serial | any", joinHA, "IP_HA_1", "IP_HA_2", "IP_HA_join", "mask", interface_name", "password"
"serial | any", joinHA, "IP_HA_1", "IP_HA_2", "IP_HA_join", "mask", interface_name", "password", "IP_HA_join_backup", "mask_backup", "interface_name_backup"
Parameter | Description |
IP_HA_1 | First remote IP address tested to reach the cluster. |
IP_HA_2 | Second remote IP address tested to reach the cluster if IP_HA_1 does not respond, or IP address assigned to the interface "interface_name" (interface dedicated to HA ) if the main firewall could be reached via IP_HA_1. |
IP_HA_join | IP address that the firewall temporarily uses to reach the cluster. |
mask | Network mask of the interface "interface_name". |
interface_name | Name given to the interface dedicated to the main HA link. |
password | Pre-shared key to secure the connection between members of the cluster. |
IP_HA_join_backup | IP address assigned to the interface "interface_name_backup" (interface dedicated to the backup HA link). |
mask_backup | Network mask of the interface "interface_name_backup". |
interface_name_backup | Name given to the interface dedicated to the backup HA link. |
EXAMPLES
SN310B00000000Z, joinHA, 192.168.192.4, 192.168.192.5, 192.168.192.6, 255.255.255.248, HA, PasswordValue
SN310B00000000Z, joinHA, 192.168.192.4, 192.168.192.5, 192.168.192.6, 255.255.255.248, HA, PasswordValue, 192.168.192.12, 255.255.255.248, HA2
IMPORTANT
The USB key must be removed when the firewall joining the cluster restarts, during the configuration synchronization phase.