Using the Serial Console for Cluster Administration

If you are adding a factory-set device to a cluster, we recommend that you use the serial console, which enables you to join an existing cluster during the initialization process by entering minimal information. When a node joins a cluster, it receives the cluster state settings, which overwrite all settings on a device with an existing configuration and provide new machines with the required preliminary information. You can also use the serial console to disable the node. If the node is in a synchronization state, you cannot access its admin console. Therefore, if you need to upgrade or reboot the node, for example, you must first disable the node from a cluster through its serial console.

Joining a Node to a Cluster Using Its Serial Console

Before a configured or factory-set node can join a cluster, you must make its identity known to the cluster.

To add a node currently running as a standalone device to a cluster through its admin console, it must be running the same or a more recent version of the service package on the same hardware platform as the other members.

If you add a node running an earlier version of the service package to a cluster, the node automatically detects the mismatch, gets the newer package from the cluster, and joins the cluster.

To add a node to a cluster through its serial console:

1. In the admin console of an existing cluster member, select System > Clustering > Cluster Status and specify the node to add to the cluster.

2. Connect to the serial console of the device you want to add to the cluster.

3. Reboot the device and watch its serial console. After the system software starts, a message appears stating that the device is about to boot as a standalone node and to press the Tab key for clustering options. Press the Tab key as soon as you see this option.

The interval to press the Tab key is five seconds. If the device begins to boot in standalone mode, wait for it to finish and then reboot again.

4. Enter the number instructing the node to join an existing cluster.

5. Enter the requested information, including:

The internal IP address of an active member in the cluster

The cluster password, which is the password you entered when defining the cluster

The name of the device to add

The internal IP address of the device to add

The netmask of the device to add

The gateway of the device to add

The active cluster member verifies the cluster password and that the new device's name and IP address match what you specified in the admin console. If the credentials are valid, the active member copies all of its state data to the new cluster member, including certificate, user, and system data.

6. Enter the number instructing the node to continue the join cluster operation. When you see a message confirming that the device has joined the cluster, select System > Clustering > Cluster Status in the admin console of any active cluster member to confirm that the new member's Status is green, indicating that the node is now an enabled node of the cluster.

Disabling a Clustered Node Using Its Serial Console

To disable a node within a cluster using its serial console:

1. Connect to the serial console of the device you want to disable within the cluster.

2. Enter the number that corresponds to the System Operations option.

3. Enter the number that corresponds to the Disable Node option.

4. Enter y when the serial console prompts you to confirm that you want to disable the node.

5. Verify that the node has been disabled (status is red) within the cluster by selecting System > Clustering > Status in the admin console of any active cluster member.

Restarting or Rebooting Cluster Nodes Using Their Serial Consoles

When you create a cluster of two or more nodes, the clustered nodes act as a logical entity. When you reboot one of the nodes using either the serial console or the admin console, all nodes in the cluster restart or reboot.

To reboot only one node:

1. Connect to the serial console of the device you want to disable within the cluster.

2. Enter the number that corresponds to the System Operations option.

3. Select System > Clustering > Status to disable the node you want to restart or reboot within the cluster.

4. Under System Operations, select the appropriate menu option: <Reboot this device>, <Shutdown this device>, or <Restart Services>.

5. Reboot the node, then enable the node within the cluster again.

The system reconciles session state with the Infranet Enforcer upon restart or cluster failover. If the Infranet Enforcer is running ScreenOS 6.0r2 or later, a Policy Secure restart or failover does not interrupt network traffic of existing sessions, as long as the restart or failover occurs within two minutes.