Kaspersky IoT Secure Gateway 1000

Configuring the network cluster

April 12, 2024

ID 255677

You can combine multiple Kaspersky IoT Secure Gateway 1000 devices into a fault-tolerant network cluster in the internal network. Joining devices to a network cluster allows you to assign one primary device that receives and transmits traffic and one or several backup devices. If the primary device fails, the traffic is transmitted through the backup device.

The network cluster settings must be configured on each Kaspersky IoT Secure Gateway 1000 device that you want to add to the network cluster.

For security purposes, we recommend setting up Port Security on the ports to which Kaspersky IoT Secure Gateway 1000 is connected as a network cluster and fixing the MAC addresses in the allowlist, as well as blocking the sending of IP packets with the destination address 224.0.0.18/32 from other ports. This ensures that only devices with fixed MAC addresses from certain ports can send VRRP packets.
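A monitoring check that complements the Port Security recommendation above, as an added example (not Kaspersky code): it parses captured Ethernet frames and reports any IPv4 packet sent to 224.0.0.18 whose source MAC address is not on the allowlist. The function names, MAC addresses, IP addresses and VRID 51 are constructed for illustration.

```python
import ipaddress
import struct

VRRP_GROUP = ipaddress.IPv4Address("224.0.0.18")  # destination address named in the recommendation
VRRP_PROTO = 112                                   # IANA IP protocol number assigned to VRRP

def inspect_frame(frame, allowed_macs):
    """Return None for unrelated traffic, or a finding for any IPv4 frame sent to 224.0.0.18."""
    if len(frame) < 14:
        return None
    src_mac = frame[6:12].hex(":")
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:   # skip a single 802.1Q VLAN tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    ip = frame[offset:]
    if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or ipaddress.IPv4Address(ip[16:20]) != VRRP_GROUP:
        return None
    is_vrrp = ip[9] == VRRP_PROTO
    # Byte 1 of the VRRP header is the virtual router ID; None if the packet is truncated.
    vrid = ip[ihl + 1] if is_vrrp and len(ip) >= ihl + 2 else None
    return {"src_mac": src_mac, "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
            "is_vrrp": is_vrrp, "vrid": vrid, "allowed": src_mac in allowed_macs}

def unauthorized_senders(frames, allowed_macs):
    """Findings for frames to 224.0.0.18 whose source MAC is not on the allowlist."""
    allowed = {m.lower() for m in allowed_macs}
    return [f for f in (inspect_frame(x, allowed) for x in frames) if f and not f["allowed"]]

def build_frame(src_mac, src_ip, dst_ip, proto, payload):
    """Construct a sample Ethernet/IPv4 frame (checksums left at zero; test data only)."""
    eth = bytes.fromhex("01005e000012") + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 255, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + payload

# Constructed sample data: one allowlisted cluster node and one unknown sender.
ALLOWLIST = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
ADVERT = bytes([0x31, 51, 100, 1, 0, 100, 0, 0]) + ipaddress.IPv4Address("192.0.2.1").packed
SAMPLE_FRAMES = [
    build_frame("02:00:00:aa:00:01", "192.0.2.11", "224.0.0.18", 112, ADVERT),
    build_frame("02:00:00:bb:00:99", "192.0.2.66", "224.0.0.18", 112, ADVERT),
    build_frame("02:00:00:bb:00:99", "192.0.2.66", "224.0.0.18", 17, b""),
]

if __name__ == "__main__":
    for f in unauthorized_senders(SAMPLE_FRAMES, ALLOWLIST):
        print(f"ALERT {f['src_mac']} ({f['src_ip']}) -> 224.0.0.18 vrrp={f['is_vrrp']} vrid={f['vrid']}")
```

Any finding on a segment where Port Security and the 224.0.0.18 filter are in place indicates that the switch configuration is not being enforced on that port.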

Devices within a network cluster are independent. Data and configuration are not synchronized between devices.

To configure network cluster settings in the Kaspersky Security Center 14.2 Web Console:

  1. In the main window of the Web Console, select Devices → Managed devices.
  2. Click the name of the device running Kaspersky IoT Secure Gateway 1000. If the device name is not on the list, add it to the Managed devices group.
  3. In the device properties window that opens, select the Applications tab.
  4. Press Kaspersky IoT Secure Gateway.

    This opens a window containing information about Kaspersky IoT Secure Gateway 1000.

  5. Select the Application settings tab.
  6. Select Network → Network cluster.
  7. Set the toggle to Enable network cluster and configure the following settings:
    1. In the Device priority field, enter the priority for the current device within the network cluster.

      You can specify a value between 0 and 254. The priority determines the role of the device in the cluster. The device with the lowest priority value is the primary device, and devices with higher priority values are backup devices. The lower the priority value of a backup device, the earlier it is in the queue to take over if the primary device fails.

      There can be only one primary device in a network cluster.

    2. In the Cluster IP address field, enter the local IP address of the LAN cluster.

      The specified IP address is deployed on the device.

    3. In the Cluster IP address mask field, enter the IP address subnet mask of the network cluster.
    4. In the Cluster Identifier field, enter a unique ID for the network cluster.

      The ID is required for the cluster nodes to uniquely recognize each other. However, the use of the ID does not guarantee protection against the actions of third parties. When setting up the network, you also need to secure the cluster network loop.

      To avoid ID overlap, we recommend specifying a custom ID value.

    For each device that you want to combine into a network cluster, specify the same values for the virtual IP address, IP address mask, and cluster ID.

  8. If you want to reset the specified network cluster settings, click the Cancel button.
  9. Click Save to save the changes.

The device is added to the network cluster by the specified IP address.
