Create a Cluster

The Add Cluster Wizard appears.

• Cluster Name—An ASCII string from 1 to 38 characters.

• Cluster Key—An ASCII string from 1 to 63 characters. The Cluster Key value is used to generate the encryption key. This encryption does not affect datapath traffic, including connection state update and forwarded packets, which are always sent in the clear.

• Node—Choose the device that you want to be the control node initially. When the Firewall Management Center forms the cluster, it will add this node to the cluster first so it will be the control node.

  Note

  If you see an Error () icon next to the node name, click the icon to view configuration issues. You must cancel cluster formation, resolve the issues, and then return to cluster formation. For example: To resolve the above issues, remove the unsupported VPN license and deploy pending configuration changes to the device.

• VXLAN Network Identifier (VNI) Network—Specify an IPv4 subnet for the VNI network; IPv6 is not supported for this network. Specify a 24, 25, 26, or 27 subnet. An IP address will be auto-assigned to each node on this network. The VNI network is the encrypted virtual network that runs on top of the physical VTEP network.

• Cluster Control Link—Choose the physical interface you want to use for the cluster control link.

• Virtual Tunnel Endpoint (VTEP) Network—Specify an IPv4 subnet for the physical interface network; IPv6 is not supported for this network. The VTEP network is a different network than the VNI network, and it is used for the physical cluster control link.

• VTEP IPv4 Address—This field will be auto-populated with the first address on the VTEP network.

• Priority—Set the priority of this node for control node elections. The priority is between 1 and 100, where 1 is the highest priority. Even if you set the priority to be lower than other nodes, this node will still be the control node when the cluster is first formed.

You can form the cluster with only the control node for faster cluster formation, or you can add all nodes now. Set the following for each data node:

• Node—Choose the device that you want to add.

  Note	If you see an Error () icon next to the node name, click the icon to view configuration issues. You must cancel cluster formation, resolve the issues, and then return to cluster formation.

• VTEP IPv4 Address—This field will be auto-populated with the next address on the VTEP network.

• Priority—Set the priority of this node for control node elections. The priority is between 1 and 100, where 1 is the highest priority.

The cluster bootstrap configuration is saved to the cluster nodes. The bootstrap configuration includes the VXLAN interface used for the cluster control link.

The cluster name shows on the Devices > Device Management page; expand the cluster to see the cluster nodes.

A node that is currently registering shows the loading icon.

Most configuration can be applied to the cluster as a whole, and not nodes in the cluster. For example, you can change the display name per node, but you can only configure interfaces for the whole cluster.

• General > Name—Change the cluster display name by clicking the Edit ().

  

  Then set the Name field.

  

• General > View—Click the View link to open the Cluster Status dialog box.

  

  The Cluster Status dialog box also lets you retry data unit registration by clicking Reconcile All.

  

• General > Name—Change the cluster member display name by clicking the Edit ().

  

  Then set the Name field.

  

• Management > Host—If you change the management IP address in the device configuration, you must match the new address in the Firewall Management Center so that it can reach the device on the network. First disable the connection, edit the Host address in the Management area, then re-enable the connection.

  

If you previously enabled jumbo-frame reservation, you can skip this step.

Because the cluster control link traffic includes data packet forwarding, the cluster control link needs to accommodate the entire size of a data packet plus cluster traffic overhead (100 bytes) and VXLAN overhead (54 bytes). When you create the cluster, the MTU is set to 154 bytes higher than the highest data interface MTU (1654 by default). If you later increase the data interface MTU, be sure to also increase the cluster control link MTU. For example, because the maximum MTU is 9198 bytes, then the highest data interface MTU can be 9044, while the cluster control link can be set to 9198. See Configure the MTU.

Note	Make sure you configure switches connected to the cluster control link to the correct (higher) MTU; otherwise, cluster formation will fail.