WAN Clustering

Overview

A WAN cluster is a group of independent servers/nodes, separated by WAN networks, that work together as a single system to provide load balancing and high scalability for clients and services. A WAN cluster works only in active-active cluster operation mode and is qualified on the ISA4000-V, ISA6000, ISA6000-V, ISA8000, and ISA8000-V platforms.

Clustering supports the following types of synchronization settings:

  • Configuration-only Cluster - Only the configuration is synced across the cluster nodes
  • Synchronize user sessions - Configuration and user session information are synced across the cluster nodes

A WAN cluster supports only Configuration-only Cluster and does not support Synchronize user sessions.

Configuring an Active-Active Configuration-only WAN Cluster

To configure an Active/Active Configuration-only WAN cluster:

  1. Configure an Active/Active cluster as mentioned in the Configuring an Active/Active or Active/Passive Cluster section.
  2. Select System > Clustering > Cluster Properties and select Configuration-only Cluster as shown in the screen below.
  3. Under Advanced Settings, select Enable Advanced Settings and then select the Network Type as Average latency 60-100ms or Average latency 10-60ms for WAN cluster.

In an Active/Active WAN cluster, if the networks of all the internal ports of the IPS/Nodes are in different subnets, it is mandatory to add specific static network routes on every IPS/Node to reach every other IPS/Node in the cluster for better cluster communication during IPS/Node failover or downtime.

To add a specific static route on an IPS/Node to reach another IPS/Node in the cluster:

  1. Select System > Network > Routes.
  2. Click New Route.
  3. Add the static route that the IPS/Node needs, based on the network topology, to reach the other IPS/Node in the WAN cluster. Below is an example where a static route is added on an IPS configured in the 10.11.0.0/16 network, with gateway 10.11.1.1, to reach another IPS/Node configured in 10.12.0.0/16.
  4. The same steps need to be repeated on every IPS/Node in the Active/Active WAN cluster.
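
The route procedure above, generalized from the two-node case to any number of nodes, as an added planning example that is not part of the product documentation. The node names, the third and fourth nodes, the 10.12.1.1 and 10.13.1.1 gateways, and the output keys (destination, netmask, gateway) are assumptions for illustration and are not the product's field names.

```python
import ipaddress

# Constructed sample inventory: node name -> (internal-port subnet, local gateway).
# node-a and node-b's subnet reuse the addresses from the example above;
# everything else here is an assumption.
NODES = {
    "node-a": ("10.11.0.0/16", "10.11.1.1"),
    "node-b": ("10.12.0.0/16", "10.12.1.1"),
    "node-c": ("10.13.0.0/16", "10.13.1.1"),
    "node-d": ("10.11.0.0/16", "10.11.1.1"),  # shares node-a's subnet
}

def plan_routes(nodes):
    """Return {node: [route, ...]} covering every peer subnet of each node."""
    parsed = {}
    for name, (subnet, gateway) in nodes.items():
        net = ipaddress.ip_network(subnet)
        gw = ipaddress.ip_address(gateway)
        # A static route is unusable if its next hop is not on the local subnet.
        if gw not in net:
            raise ValueError(f"{name}: gateway {gw} is outside {net}")
        parsed[name] = (net, gw)

    plan = {}
    for name, (net, gw) in parsed.items():
        routes = {}  # keyed by peer subnet so peers sharing a subnet yield one route
        for peer, (peer_net, _) in parsed.items():
            if peer == name or peer_net == net:
                continue  # same subnet: directly reachable, no route needed
            if peer_net.overlaps(net):
                raise ValueError(f"{name} and {peer}: overlapping subnets")
            routes[peer_net] = {
                "destination": str(peer_net.network_address),
                "netmask": str(peer_net.netmask),
                "gateway": str(gw),
            }
        plan[name] = [routes[n] for n in sorted(routes)]
    return plan

if __name__ == "__main__":
    for node, routes in plan_routes(NODES).items():
        for r in routes:
            print(node, r["destination"], r["netmask"], "via", r["gateway"])
```

Each printed line corresponds to one New Route entry to create on the named node; a node with no lines shares a subnet with all of its peers.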