Step 3: Cluster’s pre-shared key and data encryption
If a cluster is being created
To secure the connection between members of the cluster, you must define a pre-shared key.
This key will only be used by firewalls that are joining the cluster for the first time.
| Pre-shared key | Define a password/pre-shared key for your cluster. |
| Confirm | Confirm the password/pre-shared key that you have just entered in the previous field. |
| Password strength | This progress bar indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”. You are strongly advised to use uppercase letters and special characters. |
Communication between firewalls in the high availability cluster
| Encrypt communication between firewalls | By default, communications between the firewalls are not encrypted, since the link used by high availability is a dedicated link. In some architectures, the high availability link is not dedicated, but if you wish to prevent inter-cluster communications from being intercepted, they can be encrypted in AES, for example. WARNING
|
Swap configuration
| Enable link aggregation when the firewall is passive | When this option is enabled in a configuration that uses link aggregation (LACP), aggregates will be enabled even on the passive member of the cluster. This option is enabled by default. |
Click on Next.
If a cluster exists
| IP address of the firewall to contact | Enter the IP address that you had defined in the wizard during the creation of the cluster (IP address of the main or secondary link). |
| Pre-shared key | Enter the password/pre-shared key that you had defined in the wizard during the creation of the cluster. This icon  allows you to view the password in plaintext to check that it is correct. |