failover – a family of commands for configuring a high-availability cluster

When the cluster is in SECONDARY mode, only the following commands are available:

[no] failover enable
failover (active|passive)
show failover config
show failover status

`failover cluster_id <uuid>`

Set unique cluster ID for configuration. Only one cluster can be configured on an NGFW device.

`[no] failover enable`

Enable (or disable, if no) cluster mode.

`show failover config`

Show information about the current cluster configuration.

Example output:

ngfw> show failover config
{
  "ngfw-cluster:cluster": {
    "config": {
      "failover": true,
      "id": "04edfa76-c408-42cf-9a78-ea077e1dbf29",
      "signKey": "22",
      "role": "PRIMARY",
      "log_level": "off",
      "keepAliveInterval": 100,
      "keepAliveDeadCount": 1,
      "syncInterfaceAlias": "port2",
      "syncInterfacePrimaryIp": "192.168.1.1/24",
      "syncInterfaceSecondaryIp": "192.168.1.2/24",
      "syncInterfaceMtu": 1400
    }
  }
}

`show failover status`

Show information about the current cluster status.

Example output:

ngfw> show failover status
{
  "ngfw-cluster:cluster": {
    "status": {
      "version": "1.0.0",
      "config_role": "PRIMARY",
      "oper_role": "passive",
      "peer_oper_role": "active",
      "client_config_match": true,
      "client_failed_dataplane_interfaces": "all up",
      "peer_failed_dataplane_interfaces": "all up",
      "interfaces_with_ka_received": "port2, port3, port4",
      "sync_connected": true,
      "mac_list_match": true
    }
  }
}

`show failover cts-status`

Show information about current session synchronization tasks.

Example output:

ngfw> show failover cts-status
{
  "ngfw-cluster:cluster": {
    "cts_status": {
      "on_online": "done",
      "on_offline": "started",
      "on_fullsync": "unknown"
    }
  }
}

`failover keepalive dead_count <number>`

Set the number of keepalive packets that can be lost before switchover.

`failover keepalive interval <ms>`

Set the interval for sending keepalive packets.

`failover (primary|secondary)`

Set the role of the node in the configuration.

`failover digest_key <id>`

Set key for signing keepalive packets using the HMAC-SHA-256 algorithm.

`failover (active|passive)`

Set the operational role of the cluster.

`failover interface <name>`

Set the name of the sync interface and go to its settings menu.

`failover interface=['name']> [no] primary <ip-address>`

Set (or remove, if no) the primary address on the sync interface.

`failover interface=['name']> [no] secondary <ip-address>`

Set (or remove, if no) the secondary address on the sync interface.

`failover interface=['name']> mtu <mtu>`

Set the MTU on the sync interface.

`failover log_level (off|trace|debug|info|warning|error)`

Set the logging level of the cluster service.

`failover client_log_level (off|trace|debug|info|warning|error)`

Set the logging level for the client side of the cluster (NGFW).

`failover fullsync`

Request full synchronization of sessions from the active node. This command works only on a node with the 'passive' role.

| Prev | Home | Next |