1 of 1 people found this helpful
Yes, you need to reboot them both. The faild process reads the cluster IPs on reboot only. The faild process controls failover and 'puts the IPs' on the interfaces when the boxes fail over to each other.
If you add an IP on each firewall in an HA pair, the current Primary will have that IP loaded in the kernel (ifconfig). If you turn off the primary it will fail over to the secondary. On the secondary (which is the acting Primary), if you look at 'cf int q' (which is what the firewall has in its internal config database) you will see this new IP you added. However, if you look at the 'ifconfig' output (what the kernel has loaded onto the interfaces) you will not see this IP. Faild has not read the new IP because you did not reboot the secondary, you simply failed over to it. This IP is 'in the configuration' but not 'loaded onto the interface.'
Add the IP, reboot the secondary, when it's back up reboot the primary, the secondary takes over, the primary comes back up and takes back over. There is one less failover if you have a peer-to-peer pair (no failovers of course in LSHA, technically).
This has been fixed or 'enhanced' at 7.0.1.03 and version 8.x (you do not need to reboot HA pair members after making interface changes at those versions).