WildFire Appliance Clusters

Beginning with this release, you can now configure and manage up to twenty WildFire appliances as a WildFire appliance cluster on a single network. This is especially useful in environments where you cannot use the WildFire public cloud. WildFire appliance clusters support larger firewall deployments on a single network than a standalone WildFire appliance supports. Additionally, clusters provide fault tolerance and a single signature package that is distributed to all firewalls that are connected to the cluster.
You can manage clusters locally, using the WildFire appliance CLI, or centrally, from a Panorama M-Series or virtual appliance. A WildFire cluster environment includes:
  • From 2 to 20 WildFire appliances that you want to group and manage as a cluster. At a minimum, a cluster must have two WildFire appliances configured in a high-availability (HA) pair.
  • Firewalls that connect to the cluster for traffic analysis and signature generation.
  • (Optional) One or two Panorama appliances for centralized cluster management if you choose not to manage the cluster locally. To provide HA, use two Panorama appliances configured as an HA pair.
At a minimum, a cluster must have two WildFire appliances configured as a high-availability (HA) pair. WildFire appliances that you add to a WildFire appliance cluster become cluster nodes.
  1. Create a WildFire appliance cluster and add WildFire appliances to the cluster.
    Configure the cluster member nodes and roles, configure HA, and verify the configuration. You can Configure a Cluster and Add Nodes Locally or Configure a Cluster and Add Nodes on Panorama.
  2. Configure basic WildFire appliance cluster settings.
    Configure the connection to the WildFire public cloud, data retention policies, signature generation, the preferred analysis environment, DNS settings, and so on. You can Configure Basic Cluster Settings Locally or Configure Basic Cluster Settings on Panorama.
  3. Remove a WildFire appliance from a cluster.
    Safely remove a node from a WildFire appliance cluster. You can Remove a Node from a Cluster Locally, however, removing a node from a cluster using Panorama is not supported.
    With the introduction of managing WildFire appliance clusters on Panorama, you can also manage individual standalone WildFire appliances on Panorama.

Related Documentation