5 Replies Latest reply on May 30, 2012 5:01 AM by ralzaga

    Rejoining to a Cluster

      Hi,

            I have 2 MFE firewalls on F-series hardware in cluster mode. Recently we bought 2 MFE S4016. We successfully migrated the primary firewall. I tried to rejoin a freshly formatted firewall to the primary, but it cannot see the primary firewall even though they have the same IP addresses on their respective interfaces, and I also don't know the cluster password set by the previous technical person who installed the firewall from the F-series. What I did is I restored the configuration of the secondary firewall to the S4016 and connected it to the heartbeat interface, but it doesn't download the configuration of the primary. I don't know if I properly migrated the secondary firewall or what is the best way to put it in cluster mode again. Please help, guys. Thank you.

        • 1. Re: Rejoining to a Cluster
          PhilM

          If you are adding a new unit, but can't remember the HA password, you can always log into the primary unit and change this value to something which you know.

           

          I would also suggest that having successfully migrated the primary's configuration from the F-series to S-Series appliance, it may also be easier to simply delete the secondary from the HA configuration and re-create it. Then you will know all of the details that you need to enter onto the secondary in order to get it to join-up.

           

          The other key thing to remember with HA environments is the zone/burb entries on the secondary appliance must be created in the same order as they were created on the primary appliance. Either connect to the CLI on the primary appliance and run the "region" command, or look at each burb/zone in the GUI. You should find the "ID" value located just above the check boxes:-

           

          Capture.JPG

           

          Hope that helps you.

           

          -Phil.

          • 2. Re: Rejoining to a Cluster

            Hi,

                  I have tried all the steps you gave. I also tried the steps from the link below.

            https://kc.mcafee.com/corporate/index?page=content&id=KB64270

                but I still cannot register the secondary firewall to the primary. I deleted the secondary and tried to change the primary to standalone, but an error appeared:

            Error: TSWAttributeError: 'NoneType' object has no attribute 'split'

            I tried to create a new secondary firewall in the cluster, but the secondary firewall still cannot download the configuration files from the primary.

            • 3. Re: Rejoining to a Cluster

              Hello,

               

              The error "Error: TSWAttributeError: 'NoneType' object has no attribute 'split'" that you were getting when trying to change the primary to standalone is likely due to a misconfigured or partially configured interface on that firewall. Check all of its interfaces for any that are configured but not used/disabled. Can those be deleted? Or perhaps an interface is configured but not assigned to a NIC. Then try to demote the primary to standalone once again.

               

              Erik

              • 4. Re: Rejoining to a Cluster

                Hi,

                    There is still an error after assigning all the interfaces. Please see screenshot below.

                 

                Error Demoting firewall.bmp

                • 5. Re: Rejoining to a Cluster

                  I followed the steps below but still it cannot demote the primary to standalone

                   

                  https://kc.mcafee.com/corporate/index?page=content&id=KB64648&cat=CORP_SIDEWINDER&actp=LIST