Use the Web UI with a FireCluster
You can use Fireware Web UI to connect to a FireCluster or a cluster member. You can use an interface IP address to connect to the Web UI for a FireCluster, or you can use the management IP address of a cluster member.
To connect to the FireCluster on an interface IP address:
<Firebox-IP-address> is the IP address assigned to an interface.
To connect to an individual cluster member:
<cluster-member-management-IP-address> is the management IP address configured in the FireCluster settings for a member.
Web UI for the Cluster Master
There are two ways to connect to the cluster master. You can connect to the management IP address of the cluster master, or you can connect to an interface IP address. When you log in to the cluster master with a user account that has a Device Administrator privileges, you can use Fireware Web UI to make any type of configuration change that you can make to a Firebox that is not a member of a FireCluster. For example, you can update the policies, services, VPN, network, and authentication settings. When you save configuration changes to the cluster master, the changes are automatically synchronized to the backup master.
You cannot use Fireware Web UI to:
- Enable or disable a FireCluster or change FireCluster settings
- Edit the configuration of the cluster interface
- Force a FireCluster member to fail over
- Make a member join or leave a cluster
- Discover a cluster member
- Monitor cluster health
When you use an interface IP address to connect to a FireCluster, you automatically connect to the current cluster master. The System widget in the Front Panel Dashboard page shows the member name and serial number of the cluster member that is the current cluster master.
When you connect to the cluster master or to an interface, most of the Dashboard pages and System Status pages show combined statistics and information for both cluster members.
There are two pages that do not show combined information for both members.
- Dashboard > Traffic Monitor
- System Status > Traffic Management
These pages show information about traffic on the cluster master by default. To see information about the other cluster member, select the cluster member name from the drop-down list at the top of the page.
Web UI for the Backup Master
You can use the management IP address of the backup master to log in to Fireware Web UI for the backup master cluster member. When you connect to the backup master, the configuration is always read-only, and you cannot save configuration changes. If you log in to the backup master with a user account that has Device Administrator privileges, you can use these upgrade, backup, and restore options on the backup master:
- System > Backup Image — Save a backup image of the backup master
- System > Restore Image — Restore a backup image to the backup master
- System > USB Drive — Save or restore a backup image to a connected USB drive
- System > Upgrade OS — Upgrade the backup master (Fireware v11.10.x and lower only)
On the backup master, you can also use these functions on the Dashboard pages:
- Front Panel — Reboot the backup master
- Subscription Services — Update subscription services signatures on the backup master
When you connect to a backup master, the Dashboard pages and System Status pages show information for only that member, not for the entire FireCluster.
If you specify the management IP address of a FireCluster backup master to connect to the Guest Administration Portal, the portal is read-only, and this error message appears: The Firebox is a backup master of a FireCluster. Please log in to the management IP address of the FireCluster.
Upgrade Fireware OS for a FireCluster
You can upgrade Fireware OS for a FireCluster from Fireware Web UI. The steps to upgrade a FireCluster depend on which Fireware OS version you upgrade from.
- When you use the Web UI to upgrade a FireCluster from Fireware v11.11 or higher, both members are always upgraded automatically.
- When you use the Web UI to upgrade a FireCluster from Fireware v11.10.x or lower, you must connect to and upgrade each cluster member individually.
For more information, see Upgrade Fireware OS for a FireCluster
FireCluster Backup and Restore in the Web UI
You can use Fireware Web UI to create or restore a backup image to a member of a FireCluster.
You can use the Web UI to backup and restore the configuration to cluster members, but WatchGuard recommends that you use Policy Manager to complete the backup and restore processes, if possible. Policy Manager automatically manages the backup and restore for all members of the cluster.
To backup and restore a Firebox image for FireCluster members, from Fireware Web UI:
- You must save a separate backup image from each cluster member.
- Use the backup image saved from a cluster member to restore only that cluster member. For example, do not restore the backup image from the cluster master to both members in the cluster.
- Restore the backup image to the cluster backup master before you restore the backup image to the cluster master.
- Make sure that the backup image you restore to each cluster member uses the same OS version.