Example Firewall Cluster

This example shows Firewall Cluster interfaces in the example network.

In the example network, the HQ Firewall Cluster is located in the Headquarters network. The cluster consists of two cluster nodes: Node 1 and Node 2.

Figure: Example firewall scenario



Network Description
Heartbeat network

Heartbeat and cluster synchronization traffic goes through the heartbeat network.

CVI: no CVI defined.

NDI: 10.42.1.1 (Node 1) and 10.42.1.2 (Node 2).

Management network (DMZ)

The management network interface is used for the control connections from the Management Server and for connecting to the HQ Log Server.

CVI: 192.168.10.1.

NDI: 192.168.10.21 (Node 1) and 192.168.10.22 (Node 2).

ISP A external network

This connection is one of the 2 Internet connections from the Headquarters site. It is provided by ISP A.

CVI: 203.0.113.254.

NDI: 203.0.113.21 (Node 1) and 203.0.113.22 (Node 2).

Next-hop router: 203.0.113.1.

ISP B external network

This connection is the other of the 2 Internet connections from the Headquarters site. It is provided by ISP B.

CVI: 198.51.100.254.

NDI: 198.51.100.21 (Node 1) and 198.51.100.22 (Node 2).

Next-hop router: 198.51.100.1.

HQ intranet

This VLAN (VLAN ID 16) is connected to the same network interface on the firewall as the HQ Accounting VLAN.

CVI: 172.16.1.1.

NDI: 172.16.1.21 (Node 1) and 172.16.1.22 (Node 2).

HQ Accounting network

This VLAN (VLAN ID 17) is connected to the same network interface on the firewall as the HQ intranet VLAN.

CVI: 172.17.1.1.

NDI: 172.17.1.21 (Node 1) and 172.17.1.22 (Node 2).

The Management Server and the HQ Log Server are at the headquarters site, in the DMZ network.

Security Management Center (SMC) component Description
Management Server

This Management Server manages all firewalls and Log Servers of the example network.

The Management Server is located in the Headquarters’ Management Network (DMZ) with the IP address 192.168.1.101.

HQ Log Server

This Log Server receives log data from the firewalls.

The server is located in the Headquarters’ Management Network (DMZ) with the IP address 192.168.1.102.