Requirements and Prerequisites for Clustering

Model Requirements

  • Secure Firewall 3100—Maximum 8 units

  • Secure Firewall 4200—Maximum 8 units

User Roles

  • Admin

  • Access Admin

  • Network Admin

Hardware and Software Requirements

All units in a cluster:

  • Must be the same model.

  • Must include the same interfaces.

  • The management center access must be from the Management interface; data interface management is not supported.

  • Must run the identical software except at the time of an image upgrade. Hitless upgrade is supported.

  • Must be in the same firewall mode, routed or transparent.

  • Must be in the same domain.

  • Must be in the same group.

  • Must not have any deployment pending or in progress.

  • The control node must not have any unsupported features configured (see Unsupported Features with Clustering).

  • Data nodes must not have any VPN configured. The control node can have site-to-site VPN configured.

Switch Requirements

  • Be sure to complete the switch configuration before you configure clustering. Make sure the ports connected to the cluster control link have the correct (higher) MTU configured. By default, the cluster control link MTU is set to 100 bytes higher than the data interfaces. If the switches have an MTU mismatch, the cluster formation will fail.