Setting up UTM-1 270 Cluster



kevdoggx
2009-10-22, 12:07
I am having a hard time with initial configuration of my UTM-1 devices. The first time I start the Dashboard I go through the cluster setup wizard, but at the end it says:

'Cluster Configuration could not be completed. A cluster configuration requires at least 2 cluster interfaces.'

I have tried tweaking settings, but no matter what I do I can't seem to get past this.

I am trying to set up this cluster and one more cluster of 2 UTM-1's and would like one of the clusters to manage both. Either that or if there's an option to run a separate management server I could do that as well. Are there benefits to managing the devices one way or the other?

Finally, I am using R70 if that makes any difference in this process. Thanks for any help!

northlandboy
2009-10-22, 13:38
You can run a separate management server, and that is what I would generally recommend. You may require more licenses for that though.

kevdoggx
2009-10-22, 14:32
I guess I'm not sure what my licenses will allow me to do. Is there a way I can get the information from usercenter so you can tell?

Right now though, I am mostly concerned with getting these clusters set up so I can start adding the rules.

Is it possible to change a cluster from locally managed to centrally managed after initial setup without reloading factory settings?

Thanks!

chillyjim
2009-10-22, 14:51
Do you have all the IP addresses assigned via the webui on the UTM-1's?
That is normally what the error you are getting means (that you only have one IP address).

kevdoggx
2009-10-22, 15:04
Which IPs? I have these sitting at my desk and I'm just trying to get them running before I put em in the rack. I assigned different Internal IPs, the SYNC ports were automatic. I have the external ports turned on, but not connected. Could that be an issue? If I disable those but leave everything else as is, would that work?

tomama
2009-10-22, 15:43
When I read this, I think that you should now configure all of the IP addresses you have using the WebUI of both UTM-1s, and after this is done you can start using the SmartDashboard for configuring the Cluster and enabling it there.

kevdoggx
2009-10-22, 15:48
When I read this, I think that you should now configure all of the IP addresses you have using the WebUI of both UTM-1s, and after this is done you can start using the SmartDashboard for configuring the Cluster and enabling it there.

This is what I've done. Then the first time the SmartDash comes up it starts the cluster wizard because I enabled the cluster in the webui. But after entering all relevant information in the wizard, the dash recognizes the secondary cluster member but says it is unable to finish the configuration.

chillyjim
2009-10-22, 20:20
You have something configured wrong on the gateways themselves. Double check to make sure you have an IP address on the Internal, External and Sync interfaces at least and that the network/netmask on the two members match.

If that doesn't help, please post the exact error message.
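
The checklist in the post above (an IP address on Internal, External and Sync, with matching network/netmask on both members), written out as an added Python example; it is not part of the original thread and not a Check Point tool. The interface names, the addresses and the "at least 2" threshold (taken from the wizard's error text) are assumptions for illustration.

```python
import ipaddress

# Constructed sample data: interface name -> "address/prefix" as entered in
# each member's WebUI. None means no address has been assigned.
MEMBER_A = {"Internal": "192.168.1.1/24", "External": None, "Sync": "10.0.0.1/30"}
MEMBER_B = {"Internal": "192.168.2.2/24", "External": None, "Sync": "10.0.0.2/30"}


def check_pair(name, a, b):
    """Return (ok, reason) for one interface as configured on both members."""
    if not a or not b:
        return False, f"{name}: no IP address on at least one member"
    ia, ib = ipaddress.ip_interface(a), ipaddress.ip_interface(b)
    # Comparing networks covers both the subnet and the netmask.
    if ia.network != ib.network:
        return False, f"{name}: networks differ ({ia.network} vs {ib.network})"
    if ia.ip == ib.ip:
        return False, f"{name}: both members use {ia.ip}"
    return True, f"{name}: ok on {ia.network}"


def audit(member_a, member_b, minimum=2):
    """Check every interface seen on either member; return (usable, problems)."""
    usable, problems = [], []
    for name in sorted(set(member_a) | set(member_b)):
        ok, reason = check_pair(name, member_a.get(name), member_b.get(name))
        (usable if ok else problems).append(reason)
    if len(usable) < minimum:
        problems.append(f"only {len(usable)} matching interface(s), need {minimum}")
    return usable, problems


if __name__ == "__main__":
    usable, problems = audit(MEMBER_A, MEMBER_B)
    for line in usable + problems:
        print(line)
```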

Thorpuse
2009-10-22, 21:53
Setting up UTM-1's in a Cluster is tricky because both the gateway and the management have to be HA. It's stupid, painful, and a ridiculous licensing thing that CP did for no discernibly good reason.

The tricks to make this work are buried in sk33896 on SecureKnowledge. Look at the steps from about stage 8 onwards, and that should give you the clues on what you need to do to build the primary and secondary correctly. It's a peculiar hybrid, this. It's also not particularly reliable in my experience, but others will disagree with me on this (Hi Tobias!).

Also, I believe there's a CPUG 2009 conference preso on this too....

hotice_
2009-10-27, 10:38
OP mentions setting up 2 clusters managed by same SCS which lies on 1st cluster

I would really not recommend this depending on your network traffic.

These are UTM270s and if you activate any of the UTM features (it's a UTM BOX!), you're not going to like the results...


From experience, I would recommend having a distributed install and have your SCS on a distinct machine. This however, requires the acquisition of an extra license even though you already own a valid SCS license included in the UTM bundle.

Complete garbage if you ask me from the marketing folks over at CP but this specific blunder is old news anyways ;)