Add More Cluster Nodes

Add or replace the Firewall Threat Defense cluster node in an existing cluster.

The FXOS steps in this procedure only apply to adding a new chassis; if you are adding a new module to a Firepower 9300 where clustering is already enabled, the module will be added automatically. However, you must still add the new module to the Firewall Management Center; skip to the Firewall Management Center steps.

Before you begin

In the case of a replacement, you must delete the old cluster node from the Firewall Management Center. When you replace it with a new node, it is considered to be a new device on the Firewall Management Center.
The interface configuration must be the same on the new chassis. You can export and import FXOS chassis configuration to make this process easier.

Procedure

If you previously upgraded the Firewall Threat Defense image using the Firewall Management Center, perform the following steps on each chassis in the cluster.

When you upgraded from the Firewall Management Center, the startup version in the FXOS configuration was not updated, and the standalone package was not installed on the chassis. Both of these items need to be set manually so the new node can join the cluster using the correct image version.

If you only applied a patch release, you can skip this step. Cisco does not provide standalone packages for patches.

Install the running Firewall Threat Defense image on the chassis using the System > Updates page.
Click Logical Devices and click the Set Version icon (). For a Firepower 9300 with multiple modules, set the version for each module.

The Startup Version shows the original package you deployed with. The Current Version shows the version you upgraded to.
In the New Version drop-down menu, choose the version that you uploaded. This version should match the Current Version displayed, and will set the startup version to match the new version.
On the new chassis, make sure the new image package is installed.

On an existing cluster chassis Firewall Chassis Manager, click Logical Devices.

Click the Show Configuration icon at the top right; copy the displayed cluster configuration.

Connect to the Firewall Chassis Manager on the new chassis, and click Add > Cluster.

For the Device Name, provide a name for the logical device.

Click OK.

In the Copy Cluster Details box, paste in the cluster configuration from the first chassis, and click OK.

Click the device icon in the center of the screen. The cluster information is partly pre-filled, but you must fill in the following settings:

Chassis ID—Enter a unique chassis ID.
Site ID—For inter-site clustering, enter the site ID for this chassis between 1 and 8. This feature is only configurable using the Firewall Management Center FlexConfig feature.
Cluster Key—Enter the same cluster key.
Management IP—Change the management address for each module to be a unique IP address on the same network as the other cluster members.
Fully Qualified Hostname—Enter the same hostname.
Password—Enter the same password.
Registration Key—Enter the same registration key.

Click OK.

Click Save.

The chassis deploys the logical device by downloading the specified software version and pushing the bootstrap configuration and management interface settings to the application instance. Check the Logical Devices page for each cluster member for the status of the new logical device. When the logical device for each cluster member shows its Status as online, you can start configuring the cluster in the application. You may see the "Security module not responding" status as part of the process; this status is normal and is temporary.

Previous topic Create a Firewall Threat Defense Cluster Next topic Firewall Management Center : Add a Cluster