This document demonstrates how clustering works with McAfee Next Generation Firewall.
You can also watch the steps described in this document by viewing the video below.
I - Background Information
In this document, we detail a case in which we have a three-node Active-Active Next Generation Firewall cluster. The Security Management Center (SMC) manages this cluster as a single entity. The cluster is connected to two ISPs through multi-link technology.
In this instance, let's say that user “bsmith,” located at the main office, sends a YouTube request to the Internet. Since we have an Active-Active cluster, the return traffic will be dynamically load-balanced across all the nodes.
In the next part of the test we will bring two nodes offline. We expect to see no interruption in the video stream and no downtime in case of a node failure.
II - Demonstration
Let's replicate the scenario above in the Security Management Center (SMC). We have built the three-node cluster, named “SANS Cluster”, in the SMC. We can start the logs, and once we stream a video, we should see traffic on all the different nodes.
We can go to a client and play a video on YouTube.
If we go and view the logs in the SMC, we can see that the traffic is distributed across different nodes. We can now perform the next part of the test by bringing two nodes offline. We will play a different video this time.
We can expect to see no interruption in the stream, with the one remaining node carrying all the traffic. Let's go back to our client.
We can play a video and bring two nodes offline in the cluster.
We can bring both nodes offline. Now we have only one node in the cluster which is online.
In the SMC logs we should see that all the traffic is going to node 3, as we took nodes 1 and 2 offline. We can indeed see that all the traffic is going through node 3, meaning that there is no interruption and no downtime during a node failure.