When you configure a FireCluster, you must specify the cluster ID, and you must select a load balance method, and a cluster configuration type.
Configuration Type
FireCluster supports two types of cluster configurations.
Active/Passive cluster
In an active/passive cluster, the active device handles all network traffic unless a failover event occurs. The passive device actively monitors the status of the active device. If the active device fails, the passive device becomes active and takes over the traffic flows in the cluster.
Active/Active cluster
In an active/active cluster, each cluster member is active and shares the traffic load. If one device in a cluster fails, the traffic from that device is automatically shifted to the other device.
The same cluster member handles response traffic unless that member fails. For example, Cluster Member 1 is assigned an outbound packet from a user computer on your local network. Cluster Member 1 also handles the response traffic. This packet flow occurs because the Firebox is a stateful firewall that tracks and controls network traffic in a layer 3 session. Cluster Member 2 does not handle the response packet unless Member 1 fails.
You cannot configure an active/active cluster if:
- The external interface of your Firebox is configured for DHCP or PPPoE
- The Firebox is configured to use dynamic routing
- The Firebox is configured in drop-in network mode
Load Balance Method
FireCluster Active/Active supports two types of load balancing for an Active/Active cluster:
Least connection
If you select this option, each new traffic flow is assigned to the active cluster member with the lowest number of open connections.
Round-robin
If you select this option, new traffic flows are distributed among the active cluster members in round-robin order. The first connection goes to one cluster member. The next connection goes to the other cluster member, and so on.
Cluster ID
The Cluster ID uniquely identifies this cluster if there is more than one FireCluster active on the same network segment. If you only have one FireCluster, we recommend you leave the Cluster ID at the default value.
For an active/passive cluster, the Cluster ID determines the virtual MAC (VMAC) addresses used by the interfaces of the clustered devices. If you configure more than one active/passive FireCluster on the same subnet, it is important to know how to set the Cluster ID to avoid a possible virtual MAC address conflict.
For more information, go to Active/Passive Cluster ID and the Virtual MAC Address.