Add the Cluster to the Management Center (Manual Deployment)

Step 1

In the Cloud-Delivered Firewall Management Center, choose Devices > Device Management, and then choose Add > Add Device to add the control unit using the unit's management IP address.

1. In the Host field, enter the IP address or hostname of the control unit.

   We recommend adding the control unit for the best performance, but you can add any unit of the cluster.

   If you used a NAT ID during device setup, you may not need to enter this field.

2. In the Display Name field, enter a name for the control unit as you want it to display in the Cloud-Delivered Firewall Management Center.

   This display name is not for the cluster; it is only for the control unit you are adding. You can later change the name of other cluster members and the cluster display name.

3. In the Registration Key field, enter the same registration key that you used during device setup. The registration key is a one-time-use shared secret.

4. (Optional) Add the device to a device Group.

5. Choose an initial Access Control Policy to deploy to the device upon registration, or create a new policy.

   If you create a new policy, you create a basic policy only. You can later customize the policy as needed.

   

6. Choose licenses to apply to the device.

7. If you used a NAT ID during device setup, expand the Advanced section and enter the same NAT ID in the Unique NAT ID field.

8. Check the Transfer Packets check box to allow the device to transfer packets to the Cloud-Delivered Firewall Management Center.

   This option is enabled by default. When events like IPS or Snort are triggered with this option enabled, the device sends event metadata information and packet data to the Cloud-Delivered Firewall Management Center for inspection. If you disable it, only event information will be sent to the Cloud-Delivered Firewall Management Center but packet data is not sent.

9. Click Register.

   The Cloud-Delivered Firewall Management Center identifies and registers the control unit, and then registers all data units. If the control unit does not successfully register, then the cluster is not added. A registration failure can occur if the cluster was not up, or because of other connectivity issues. In this case, we recommend that you try re-adding the cluster unit.

   The cluster name shows on the Devices > Device Management page; expand the cluster to see the cluster units.

   

   A unit that is currently registering shows the loading icon.

   

   Note

   GCP prioritizes nodes with public IP address during cluster node discovery. To ensure the Firewall Threat Defense Virtual cluster registers with the management center virtual using the private IP address, you must first disable the public IP address on the Firewall Threat Defense Virtual cluster node. This allows GCP node discovery to proceed using the private IP address for registration node with the management center virtual.

   You can monitor cluster unit registration by clicking the Notifications icon and choosing Tasks. The Cloud-Delivered Firewall Management Center updates the Cluster Registration task as each unit registers. If any units fail to register, see Reconcile Cluster Nodes.

   

Step 2

Configure device-specific settings by clicking the Edit () for the cluster.

Step 3

On the Devices > Device Management and then choose Add, Cluster screen, you see General, License, System, and Health settings.

Step 4

On the Devices > Device Management and then click Add > Device , you can choose each member in the cluster from the top right drop-down menu and configure the following settings.