Troubleshoot FireCluster
Applies To: Locally-managed Fireboxes
This section documents common issues that you might encounter with FireCluster and provides details on how to address those issues.
Cluster Master Cannot Discover the Other Cluster Member
When you enable FireCluster or use the Discover Member command in Firebox System Manager to discover a new member, the cluster master uses the configured cluster interface to discover the backup master. If the cluster master does not discover the other member, make sure the two cluster members are the same Firebox model and run the same Fireware version.
You might receive an error message in Firebox System Manager for the active cluster member that "The cluster members are running different Fireware OS versions", even if the Fireware versions of the members are the same. This occurs because the cluster members are not synchronized with each other. Check your connections, and use the Discover Member command again to establish the connection.
Eliminate FireCluster as a Factor in a Network or Firebox Issue
To eliminate the FireCluster as a factor, you can temporarily disable FireCluster in the configuration.
- Create a FireCluster Backup Image of your cluster master device.
- Power off the backup master.
- On the cluster master device, clear the Enable FireCluster check box.
If the issue persists with FireCluster disabled, it is unlikely that the issue is related to your FireCluster configuration. You might have to examine the physical or logical architecture of your network. To learn more about FireCluster network architecture, go to FireCluster.
When you disable the FireCluster, the backup master restarts with factory-default settings. To get the FireCluster back up, you must restore the backup image and then power on the other cluster member. If you neglect to perform this step, the other cluster member attempts to become the master again once it is powered back on, and you then have two Fireboxes with the same configuration and no cluster.
Failover to the Backup Master Device Does Not Occur Unless You Physically Power Off the Master Device
In a FireCluster, a health metric called the Weighted Average Index indicates the health of each member. This index measures the status of monitored ports, processes, and hardware. If the Weighted Average Index of the backup master is lower than on the cluster master, failover cannot occur. To view the Weighted Average Index and other health information for each cluster member, you can review the Cluster Health Section of the Status Report.
If the Weighted Average Index for one member is lower, review the other contributing indexes to determine whether that device has a possible hardware, software, or connectivity issue. For more information about the health indexes, go to Monitor Cluster Health.
Unable to Connect to a Specific Cluster Member
When you configure a FireCluster, you designate a Management IP address for each cluster member. If you cannot connect to a specific FireCluster member, make sure your management computer has a route to the Management IP address for that cluster member. For more information, go to About FireCluster Management IP Addresses.