4.3.1. Configuration cluster

A number of settings are specific to each cluster node, e.g., network interface configuration and IP addressing. The node-specific settings are listed below:

  • Log Analyzer settings.

  • Diagnostics settings.

  • Network interface settings.

  • Gateway settings.

  • DHCP settings.

  • Routes.

  • OSPF settings.

  • BGP settings.

To create a configuration cluster, follow these steps:


Step 1. Perform initial configuration on the first cluster node.

See chapter Initial Configuration.

Step 2. On the first cluster node, configure the zone containing the network interfaces through which cluster replication will be carried out.

In the Zones section, create a new dedicated zone for cluster settings replication or use an existing one (Cluster). Allow the following services in the zone's settings:

  • Administrative console

  • Cluster.

Do not use zones whose interfaces are connected to untrusted networks (e.g., the Internet) for replication.

Step 3. Specify the IP address that will be used to communicate with other cluster nodes.

In the Device management section, go to the Configuration cluster pane, select the current cluster node, and click Edit. Specify the IP address of an interface located in the zone you configured at Step 2.

Step 4. Generate a Master node secret on the first cluster node.

In the Device management section, press the Generate secret code button. Copy the resulting code to the clipboard. This master node secret is required for one-time authorization of a second node before adding it to the cluster.

Step 5. Connect a second node to the cluster.

Important! The second and subsequent nodes can only be added to the configuration cluster during their initialization.

Connect to the web console of the second cluster node and select the installation language.

Specify the network interface that will be used to connect to the first cluster node and assign it an IP address. Both cluster nodes must reside in the same subnet; for example, the eth2 interfaces of the two nodes can be assigned the IP addresses 192.168.100.5/24 and 192.168.100.6/24, respectively. Otherwise, you need to specify the IP address of the gateway through which the first cluster node will be accessible.

Specify the IP address of the first node configured at Step 3, enter the master node secret, and press the Connect button. If the IP addresses of the cluster configured at Step 2 are assigned correctly, the second node will be added to the cluster, and all the settings from the first cluster node will be replicated to the second one.

The state of configuration cluster nodes can be determined from the color of the indicator next to the UserGate node name in the UserGate --> Device management --> Configuration cluster section:

  • Green: the node is online

  • Yellow: the configuration cluster nodes are being synchronized

  • Red: communication with this node is lost, the node is offline.

Step 6. Assign zones to the second node's network interfaces.

In the web console of the second cluster node, go to Network --> Interfaces and assign the correct zone to each network interface. The zones and their settings are obtained as a result of data replication from the first cluster node.

Step 7. (Optional) Configure the node-specific settings for each cluster node.

Configure the gateways, routes, OSPF settings, and BGP settings specific to each cluster node.
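The addressing rules from Steps 2 and 5 can be checked before the second node is initialized. The following Python check is an added example, not part of the UserGate product or its documentation; the function name and the use of a globally routable address as a sign of an untrusted network are assumptions, and the sample addresses are constructed.

```python
import ipaddress


def check_replication_plan(first_if, second_if, gateway=None):
    """Return a list of problems with the planned replication addressing.

    first_if / second_if: interface addresses in CIDR form ("192.168.100.5/24").
    gateway: optional gateway IP the second node uses to reach the first node.
    """
    problems = []
    a = ipaddress.ip_interface(first_if)
    b = ipaddress.ip_interface(second_if)

    for label, iface in (("first", a), ("second", b)):
        # Step 2 caveat: replication must not run over untrusted networks.
        # Heuristic (assumption): a globally routable address suggests an
        # Internet-facing interface.
        if iface.ip.is_global:
            problems.append(f"{label} node address {iface.ip} is globally routable")
        # The address must be a usable host address, not network/broadcast.
        net = iface.network
        if net.num_addresses > 2 and iface.ip in (net.network_address,
                                                  net.broadcast_address):
            problems.append(f"{label} node address {iface.ip} is not a usable host address")

    if a.ip == b.ip:
        problems.append("both nodes use the same IP address")

    if a.network == b.network:
        return problems  # Step 5: same subnet, no gateway needed

    # Different subnets: Step 5 requires a gateway towards the first node.
    if gateway is None:
        problems.append("nodes are in different subnets and no gateway is given")
    else:
        gw = ipaddress.ip_address(gateway)
        if gw not in b.network:
            problems.append(f"gateway {gw} is not on the second node's subnet {b.network}")
        elif gw == b.ip:
            problems.append("gateway is the second node's own address")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the first pair is the one used in Step 5.
    print(check_replication_plan("192.168.100.5/24", "192.168.100.6/24"))
    print(check_replication_plan("192.168.100.5/24", "192.168.200.6/24"))
```

An empty list means the plan satisfies the addressing rules; the zone's allowed services (Administrative console, Cluster) still have to be verified in the web console.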

Up to four configuration cluster nodes can be combined into an HA cluster. There can be multiple HA clusters: for example, nodes A, B, C, and D within the configuration cluster can form two HA clusters, A-B and C-D.

An HA cluster can operate in two modes, Active-Active and Active-Passive. The state of cluster nodes can be determined from the color of the indicator next to the UserGate node name in the UserGate --> Device management --> HA clusters section:

  • Red: no communication with the adjacent configuration nodes.

  • Yellow: the HA service is not running on the node.

The absence of an indicator next to the cluster node name means that the node is online.