Troubleshoot WildFire Split-Brain Conditions

A WildFire 2-node HA (high availability) cluster experiences a split-brain condition when a node (or both HA peers) believes the other is no longer operational. This occurs when both the HA and cluster connections fail as a result of network connectivity or configuration issues, but allows the appliances to continue processing samples. When this occurs both WildFire appliances assume the role of the active (or primary) controller without a backup, negating the benefits of a HA deployment, such as redundancy and load-balancing. Furthermore, this prevents the WildFire appliances from efficiently utilizing analysis resources. When WildFire clusters experience a minor disruption, it automatically attempts to recover from split-brain conditions. More serious events will require manual intervention.
When a split-brain occurs, the following conditions apply:
  • Neither WildFire peer is aware of the state nor the HA role of the other.
  • Both WildFire peers become the primary server and will continue to receive samples from firewalls, but operate as independent appliances.
  • Cluster-related tasks are suspended when HA is not available.
3-node WildFire appliance clusters should not experience split-brain conditions when properly configured because of the additional redundancy provided by the third server node.

Recommended For You