Step 3: Cluster’s pre-shared key and data encryption

If a cluster is being created

To secure the connection between members of the cluster, you must define a pre-shared key.
This key will only be used by firewalls that are joining the cluster for the first time.

Pre-shared key Define a password/pre-shared key for your cluster.
Confirm Confirm the password/pre-shared key that you have just entered in the previous field.
Password strength This progress bar indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”. You are strongly advised to use uppercase letters and special characters.

Communication between firewalls in the high availability cluster

Encrypt communication between firewalls By default, communications between the firewalls are not encrypted, since the link used by high availability is a dedicated link.

In some architectures, the high availability link is not dedicated, but if you wish to prevent inter-cluster communications from being intercepted, they can be encrypted in AES, for example.
  1. Selecting this option can adversely affect the performance of your HA cluster.
  2. Only connections, and not their contents, pass through the HA link.

Swap configuration

Enable link aggregation when the firewall is passive When this option is enabled in a configuration that uses link aggregation (LACP), aggregates will be enabled even on the passive member of the cluster. This option is enabled by default.

Click on Next.

If a cluster exists

IP address of the firewall to contact Enter the IP address that you had defined in the wizard during the creation of the cluster (IP address of the main or secondary link).
Pre-shared key Enter the password/pre-shared key that you had defined in the wizard during the creation of the cluster.
This icon allows you to view the password in plaintext to check that it is correct.