Re-enable disabled cluster nodes

You can re-enable nodes in a cluster that you have temporarily disabled.

Before you begin

Before connecting network cables to the disabled node or to a replacement for it, set the node to the initial configuration state using the NGFW Configuration Wizard (sg-reconfigure) on the engine command line.
Note: If you reintroduce a disabled node that has a working configuration, the node must receive the heartbeat traffic from other nodes and accept it based on certificates. Otherwise, the node considers itself the only available cluster member and goes online. Cluster nodes that do not communicate with each other can prevent the whole cluster from processing traffic.

When a Firewall Cluster, IPS Cluster, Layer 2 Firewall Cluster, or Master NGFW Engine node has been disabled, its configuration is typically made obsolete by policy installations done on the other cluster nodes. Having an obsolete configuration prevents the node from operating normally and might in some cases disturb the operation of the whole cluster.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. In the Management Client, select Configuration.
  2. Right-click the NGFW Engine, then select Edit <element type>.
  3. In the navigation pane on the left, browse to General > Clustering.
  4. Deselect the Disabled option in the Nodes table for the nodes you want to re-enable, then click OK.
  5. Click Save and Refresh to ensure that all nodes have the same configuration.
    Note: If the policy installation is unsuccessful, return the previously disabled node to the initial configuration state.
  6. (Optional) In the NGFW Dashboard view, right-click the node, then select Commands > Go Online or Commands > Standby to return the node to operation.
    The node is set to online or standby mode shortly.