Fail Over a FireCluster in WatchGuard Cloud

Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes

If you add an active/passive FireCluster to WatchGuard Cloud, you can manually force the cluster master to fail over in WatchGuard Cloud. The backup master becomes the cluster master, and the original master device becomes the backup master. The Fail Over Master option is available only for active/passive FireClusters. You can fail over cluster members that belong to a cloud-managed FireCluster or a locally-managed FireCluster.

Some events cause the FireCluster to automatically fail over. For information about automatic failover, see About FireCluster Failover.

To manually fail over an active/passive locally-managed cluster in WatchGuard Cloud, cluster members must run Fireware v12.7.1 or higher (or v12.5.8 or higher for T30, T35, T50, M200 and M300 Fireboxes). To upgrade a locally-managed cluster from lower Fireware versions, you must use Policy Manager or Fireware Web UI. After the upgrade, you can fail over a cluster in WatchGuard Cloud, and you can reboot and upgrade the cluster in WatchGuard Cloud. For information about local cluster upgrades, see Upgrade Fireware OS for a FireCluster.

To manually fail over an active/passive cluster in WatchGuard Cloud:

  1. Sign in to your WatchGuard Cloud Subscriber account.

    For Service Provider operators, from Account Manager, select My Account.
  2. Select Configure > Devices.
  3. Select the FireCluster. For an active/passive FireCluster, the cluster master status is Connected. The backup master status is Not Connected. In our example, Member2 is connected, which means it is the cluster master. Member1 is the backup master.

Screen shot of the Device Information page for a cluster

  1. Click Fail Over Master.
    The Fail Over Cluster Master dialog box opens.

Screen shot of the Fail Over Cluster Master dialog box

  1. Click Fail Over.
    The message "The cluster master will force a failover soon" appears briefly. Both members have the status Not Connected during failover.

Screen shot of a disconnected FireCluster during a failover

  1. After the failover completes, verify that the original cluster master is now the backup master. In our example, Member2 was the original cluster master (the only connected cluster member). After failover, Member2 is now the backup master (the only disconnected cluster member).

Screen shot of the FireCluster status after a completed failover

For information about log messages related to FireCluster failover, see Manage FireCluster Logging in WatchGuard Cloud.

To view the live status of a FireCluster, and to see a list of historical FireCluster events, see Monitor FireClusters.

See Also

About FireCluster in WatchGuard Cloud