Advanced WildFire Powered by Precision AI™
set deviceconfig high-availability
Description
Configure WildFire appliance cluster high-availability (HA) settings.
Hierarchy Location
set deviceconfig
Syntax
high-availability {
  enabled {no | yes};
  election-option {
    preemptive {no | yes};
    priority {primary | secondary};
    timers {
      advanced {heartbeat-interval <value> | hello-interval <value> | preemption-hold-time <value> | promotion-hold-time <value>}
      aggressive;
      recommended;
    }
  }
  interface {
    ha1 {
      peer-ip-address <ip-address>;
      port {eth2 | eth3 | management};
      encryption enabled {no | yes};
    }
    ha1-backup {
      peer-ip-address <ip-address>;
      port {eth2 | eth3 | management};
    }
  }
}
Options
+ enabled — Enable HA on both controller nodes to provide fault tolerance for the cluster. Each WildFire appliance cluster should have two controller nodes configured as an HA pair.
> election-option — Configure the preemptive, priority, and timer HA option values.
+ preemptive — Election option to enable the passive HA peer (the controller backup node) to preempt the active HA peer (the primary controller node) based on the HA priority setting. For example, if the primary controller node goes down, the secondary (passive) controller node takes over cluster control. When the primary controller node comes back up, if you do not configure preemption, the secondary controller continues to control the cluster and the primary controller acts as the controller backup node. However, if you configure preemption on both HA peers, then when the primary controller comes back up, it preempts the secondary controller by taking back control of the cluster. The secondary controller resumes its former role as the controller backup node. You must configure the preemptive setting on both of the HA peers for preemption to work.
+ priority — Election option to configure the preemption priority of each controller in the HA pair. Configure preemption on both members of the HA controller pair.
> timers — Configure the timers for HA election options. The WildFire appliance provides two pre-configured timer options (aggressive and recommended settings), or you can configure each timer individually. The advanced timers enable you to configure values individually:
- The heartbeat-interval sets the time in milliseconds to send heartbeat pings. The range of values is 1000-60,000 ms, with a default value of 2000 ms.
- The hello-interval sets the time in milliseconds to send Hello messages. The range of values is 8000-60,000 ms, with a default value of 8000 ms.
- The preemption-hold-time sets the time in minutes to remain in passive (controller backup) mode before preempting the active (primary) controller node. The range of values is 1-60 minutes, with a default value of 1 minute.
- The promotion-hold-time sets the time in milliseconds to change state from passive (controller backup) to active (primary) state. The range of values is 0-60,000 ms, with a default value of 2000 ms.
> interface — Configure HA interface settings for the primary (ha1) and backup (ha1-backup) control link interfaces. The control link interfaces enable the HA controller pair to remain synchronized and prepared to fail over in case the primary controller node goes down. Configuring both the ha1 interface and the ha1-backup interface provides redundant connectivity between controllers in case of a link failure. Set:
- The peer-ip-address. For each interface, configure the IP address of the HA peer. The ha1 interface peer is the ha1 interface IP address on the other controller node in the HA pair. The ha1-backup interface peer is the ha1-backup interface IP address on the other controller node in the HA pair.
- The port. On each controller node, configure the port to use for the ha1 interface and the port to use for the ha1-backup interface. You can use eth2, eth3, or the management port (eth0) for the HA control link interfaces. You cannot use the Analysis Environment Network interface (eth1) as an ha1 or ha1-backup control link interface. Use the same interface on both HA peers as the ha1 interface, and use the same interface (but not the ha1 interface) on both HA peers as the ha1-backup interface. For example, configure eth3 as the ha1 interface on both controller nodes and configure the management interface as the ha1-backup interface on both controller nodes.
Sample Output
admin@wf-500(active-controller)# show deviceconfig high-availability
high-availability {
  election-option {
    priority primary;
  }
  enabled no;
  interface {
    ha1 {
      peer-ip-address 10.10.10.150;
      port eth2
    }
    ha1-backup {
      peer-ip-address 10.10.10.160;
      port management
    }
  }
}
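An added example, not part of the WildFire documentation: a Python audit that parses the brace-delimited output of show deviceconfig high-availability from both controllers and checks it against the rules stated under Options (allowed ports, matching ports on both peers, distinct ha1 and ha1-backup ports, preemption on both peers, advanced timer ranges). The sample configs and the names parse and audit are assumptions of this example, and the ha1 encryption check is its own policy choice; the page lists the encryption option but states no requirement for it.

```python
import re
# Constructed sample in the brace layout of `show deviceconfig high-availability`,
# trimmed to the fields the checks read.
PRIMARY = """high-availability {
  enabled yes;
  election-option { preemptive yes; timers { advanced { heartbeat-interval 500; } } }
  interface {
    ha1 { port eth2 }
    ha1-backup { port management }
  }
}"""
SECONDARY = PRIMARY.replace("eth2", "eth3").replace("preemptive yes", "preemptive no")
# Advanced timer ranges as stated on the page (ms; preemption-hold-time in minutes).
RANGES = {"heartbeat-interval": (1000, 60000), "hello-interval": (8000, 60000),
          "preemption-hold-time": (1, 60), "promotion-hold-time": (0, 60000)}

def parse(text):
    """Flatten brace-delimited config into {'path to leaf': value}."""
    stack, words, flat = [], [], {}
    for tok in re.findall(r"[{};\n]|[^\s{};]+", text):
        if tok not in ("{", "}", ";", "\n"):
            words.append(tok)
            continue
        if tok == "{":
            stack.append(" ".join(words))
        elif words:  # ';', '}' or a newline ends a leaf statement
            flat[" ".join(stack + words[:-1])] = words[-1]
        if tok == "}":
            stack.pop()
        words = []
    return flat

def audit(local, peer):
    """Findings for one controller; the encryption check is this example's own policy."""
    get = lambda cfg, path: cfg.get("high-availability " + path)
    ports = {l: get(local, f"interface {l} port") for l in ("ha1", "ha1-backup")}
    pre = "election-option preemptive"
    checks = [
        (get(local, "enabled") != "yes", "HA not enabled"),
        (ports["ha1"] == ports["ha1-backup"], "ha1 and ha1-backup share a port"),
        ((get(local, pre) == "yes") != (get(peer, pre) == "yes"), "preemptive not set on both peers"),
        (get(local, "interface ha1 encryption enabled") != "yes", "ha1 encryption not enabled (example policy)"),
    ]
    for link, port in ports.items():
        checks.append((port not in ("eth2", "eth3", "management"), f"{link}: port {port} not allowed"))
        checks.append((port != get(peer, f"interface {link} port"), f"{link}: port differs from peer"))
    for name, (lo, hi) in RANGES.items():
        v = get(local, f"election-option timers advanced {name}")
        checks.append((v is not None and not lo <= int(v) <= hi, f"{name} {v} outside {lo}-{hi}"))
    return [msg for bad, msg in checks if bad]
```

Run audit(parse(primary_output), parse(secondary_output)) once per controller, swapping the arguments, since each call reports on its first argument only.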
Required Privilege Level
superuser, deviceadmin