WildFire Appliance Cluster Resiliency and Scale
WildFire appliance clusters aggregate the sample analysis and storage capacity of up to twenty WildFire appliances so that you can support large firewall deployments on a single network. You have the flexibility to manage and Configure a Cluster Locally on WildFire Appliances using the CLI, or manage and Configure a Cluster Centrally on Panorama M-Series or virtual appliance servers. A WildFire appliance cluster environment includes:
- From 2 to 20 WildFire appliances that you want to group and manage as a cluster. At a minimum, a cluster must have two WildFire appliances configured in a high-availability (HA) pair.
- Firewalls that forward samples to the cluster for traffic analysis and signature generation.
- (Optional) One or two Panorama appliances for centralized cluster management if you choose not to manage the cluster locally. To provide HA, use two Panorama appliances configured as an HA pair.
Each WildFire appliance you add to a WildFire appliance cluster becomes a node in that cluster (as opposed to a standalone WildFire appliance). Panorama can manage up to 10 WildFire appliance clusters with a total of 200 WildFire
cluster nodes(10 clusters, each with the maximum of 20 nodes).
Panorama can manage standalone WildFire appliances as well as WildFire appliance clusters. The combined total of standalone WildFire appliances and WildFire appliance cluster nodes that Panorama can manage is 200. For example, if Panorama manages three clusters with a total of 15 WildFire cluster nodes and eight standalone WildFire appliances, then Panorama manages a total of 23 WildFire appliances and can manage up to 177 more WildFire appliances.
Cluster nodes play one of three roles:
- Controller Node—Two controller nodes manage the queuing service and database, generate signatures, and manage the cluster locally if you don’t manage the cluster with a Panorama M-Series or virtual appliance. Each cluster can have a maximum of two controller nodes. For fault tolerance, each WildFire appliance cluster should have a minimum of two nodes configured as a primary controller node and a controller backup node HA pair. Except during normal maintenance or failure conditions, each cluster should have two controller nodes.
- Worker Node (cluster client)—Cluster nodes that are not controller nodes are worker nodes. Worker nodes increase the analysis capacity, storage capacity, and data resiliency of the cluster.
- Server Node (cluster server)—The third node in a WildFire cluster is automatically configured as a server node, a special type of worker node that provides database and infrastructure redundancy features in addition to standard worker node capabilities.
When a firewall registers with a cluster node, or when you add a WildFire appliance that already has registered firewalls to a cluster, the cluster pushes a registration list to the connected firewalls. The registration list contains every node in the cluster. If a cluster node fails, the firewalls connected to that node reregister with another cluster node. This type of resiliency is one of the benefits of creating WildFire appliance clusters.
A WildFire appliance cluster increases the analysis throughput and storage capacity available on a single network so that you can serve a larger network of firewalls without segmenting your network.
If a cluster node goes down, HA configuration provides fault tolerance to prevent the loss of critical data and services. If you manage clusters centrally using Panorama, Panorama HA configuration provides central management fault tolerance.
Single signature package distribution
All firewalls connected to a cluster receive the same signature package, regardless of the cluster node that received or analyzed the data. The signature package is based on the activity and results of all cluster members, which means that each connected firewall benefits from the combined cluster knowledge.
Centralized management (
You save time and simplify the management process when you use Panorama to manage WildFire appliance clusters. Instead of using the CLI and scripting to manage a WildFire appliance or cluster, Panorama provides a single-pane-of-glass view of your network devices. You can also push common configurations, configuration updates, and software upgrades to multiple WildFire appliance clusters, and you can do all of this using the Panorama web interface instead of the WildFire appliance CLI.
When a cluster has two or more active nodes, the cluster automatically distributes and load balances analysis, report generation, signature creation, storage, and WildFire content distribution among the nodes.