Step 3: Cluster’s pre-shared key and data encryption

If a cluster is being created

Pre-shared key

To secure the connection between members of the cluster, you must define a pre-shared key.
This key will only be used by firewalls that are joining the cluster for the first time.

New pre-shared key	Define a password/pre-shared key for your cluster.
Confirm	Confirm the password/pre-shared key that you have just entered in the previous field.
Password strength	This progress bar indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”. You are strongly advised to use uppercase letters and special characters.

Communication between firewalls in the high availability cluster

Encrypt communication between firewalls

By default, communications between the firewalls are not encrypted, since the link used by high availability is a dedicated link.

In some architectures, the high availability link is not dedicated, but if you wish to prevent inter-cluster communications from being intercepted, they can be encrypted in AES, for example.

WARNING

Selecting this option can adversely affect the performance of your HA cluster.
Only connections, and not their contents, pass through the HA link.

Configurer Unicast synchronization instead of Multicast synchronization

This option makes it possible to configure a unicast synchronization between members of a cluster during the creation of the cluster. It is required in order to deploy high availability in environments that do not support the multicast protocol, such as certain cloud hosting platforms.

Swap configuration

Enable link aggregation when the firewall is passive

When this option is enabled in a configuration that uses link aggregation (LACP), aggregates will be enabled even on the passive member of the cluster. This option is enabled by default.

Click on Next.

If a cluster exists

IP address of the firewall to contact	Enter the IP address that you had defined in the wizard during the creation of the cluster (IP address of the main or secondary link).
Pre-shared key	Enter the password/pre-shared key that you had defined in the wizard during the creation of the cluster. This icon allows you to view the password in plaintext to check that it is correct.