Operating modes for Firewall Cluster interfaces
There are several operating modes for the physical interfaces of a Firewall Cluster. Packet dispatch mode is recommended for new installations.
The other modes are provided for backward compatibility. See the Forcepoint Next Generation Firewall Product Guide for more information about the other operating modes.
In packet dispatch mode:
- There is only one contact MAC address for each physical interface. The dispatcher node controls this MAC address.
- The dispatcher node forwards the packets to the other nodes for processing. Any node in the cluster can process the traffic.
- The dispatcher node is chosen separately for each physical interface.
Note: Different nodes might be selected as dispatcher nodes for different physical interfaces.
The packet dispatcher for the physical interface changes automatically if the dispatcher goes offline. When the dispatcher changes:
- The packet dispatcher MAC address is moved to another firewall node.
- The firewall sends an ARP message to the external switch or router.
- The switch or router updates its address table.
Note: This process is a standard network addressing operation where the switch or router learns that the MAC address is located behind a different port.
- The switch or router forwards traffic destined to the physical interface to this new packet dispatcher.