To connect two Fireboxes in a FireCluster configuration:
- Use an Ethernet cable to connect the primary cluster interface on one Firebox to the primary cluster interface on the other Firebox. Tip!
- If you plan to enable a backup cluster interface, use a second Ethernet cable to connect the backup cluster interfaces. If you have a network interface available, we recommend that you connect and configure a backup cluster interface for redundancy.
- Connect the external interface of each Firebox to a network switch or VLAN. If you use Multi-WAN, connect the second external interface of each Firebox to another network switch.
- Connect the trusted interface of each device to an internal network switch or VLAN.
- For each Firebox, connect the other trusted or optional network interfaces to the internal network switch for that Firebox.
The primary and backup cluster interfaces must be on different subnets. If you use a switch between each member for the cluster interfaces, the cluster interfaces must be logically separated from each other on different VLANs.
You must connect each pair of network interfaces to a separate local network or VLAN.
If any interface on the Firebox configuration uses the IP address 10.0.1.1, do not connect the trusted and optional network interfaces of the second device to the switches until after the cluster has been formed. This avoids an IP address conflict when you start the second device with factory-default settings. The devices use the cluster interfaces to form the cluster. After the you save the configuration to the cluster master, and the cluster is active, connect each of the trusted and optional interfaces of the second device to the appropriate switches.
This diagram shows connections for a simple FireCluster configuration.
In this example, the FireCluster has one external and one trusted interface connected to network switches. The primary cluster interfaces are connected by an Ethernet cable.
After you connect the FireCluster hardware, you are ready to configure the FireCluster in Policy Manager. You can do this two ways: