How to use new sync with FireWall-1 4.1 and FullCluster
Perform the following steps to use the new UDP-based sync
with FireWall-1 4.1 and StoneBeat FullCluster. Note that using
new sync with third-party load balancing products requires
FireWall-1 4.1 SP4 or later.
On the firewall machine:
1. Enable High Availability through cpconfig.
Configuring Enable High Availability...
=======================================
High Availability module is currently disabled.
Would you like to enable the High Availability module (y/n) [y] ?
2. Configure the first heartbeat interface as a secured interface.
Configuring High Availability Secured Interfaces...
===================================================
The following interfaces are configured on your machine
sbif0 sbif1 sbif2
Secured interfaces are interfaces on which sensitive High Availability
information can be exchanged securely with other members of this cluster.
Do you want to add secured interfaces (y/n) [y] ?
Please enter the list of interfaces that will be secured interfaces.
Enter one interface per line, terminating with CTRL-D or your EOF
character.
sbif0
Is this correct (y/n) [y] ?
3. Do not import any MAC addresses.
Configuring High Availability MAC Addresses...
==============================================
Do you wish to import MAC addresses configurations file (y/n) [n] ?
4. Configure a unique priority on each node and set the service mode.
Configuring High Availability Priorities...
===========================================
You must configure the priority and the mode:
Priority = 1 for the primary machine; 2,3,4... for the standby machines.
Mode = active-up or primary-up.
Following is the current configuration:
Priority: 3
mode: service
Would you like to modify the above configuration (y/n) [y] ?
5. Do not restart the FireWall-1 module yet.
You have changed the High Availability configuration.
Would you like to restart VPN-1/FireWall-1 now
so that your changes will take effect? (y/n) [y] ? n
6. List the operative interfaces in the $FWDIR/conf/discntd.if file.
# cat >$FWDIR/conf/discntd.if
sbif1
sbif2
7. Edit the $FWDIR/conf/sync.conf file so that it contains only the
"SyncMode=CPHAP" line.
# cat >$FWDIR/conf/sync.conf
SyncMode=CPHAP
8. Reboot the machine or restart the FireWall-1 module.
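A check for the two files written in steps 6 and 7, to run before the restart in step 8. This is an added example, not part of the original page or of FireWall-1: the function names are hypothetical, and the interface names are the ones used above. When FWDIR is not set it runs against constructed sample files instead.

```shell
#!/bin/sh
# Added example: verify the files from steps 6 and 7 before restarting.
# Function names are hypothetical; they are not FireWall-1 commands.

# sync.conf must contain only the line SyncMode=CPHAP.
check_sync_conf() {
    f="$1/conf/sync.conf"
    [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    # $(...) drops trailing newlines; a CR, spaces or extra lines fail.
    [ "$(cat "$f")" = "SyncMode=CPHAP" ] && return 0
    echo "$f must contain only SyncMode=CPHAP" >&2
    return 1
}

# discntd.if must list exactly the given interfaces, one per line
# (blank lines are reported as unexpected entries too).
# Usage: check_discntd_if FWDIR IFNAME...
check_discntd_if() {
    f="$1/conf/discntd.if"; shift
    [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    rc=0
    for want in "$@"; do
        grep -qxF -- "$want" "$f" || { echo "$want not listed in $f" >&2; rc=1; }
    done
    while IFS= read -r line || [ -n "$line" ]; do
        found=0
        for want in "$@"; do
            if [ "$line" = "$want" ]; then found=1; fi
        done
        [ "$found" = 1 ] || { echo "unexpected entry '$line' in $f" >&2; rc=1; }
    done < "$f"
    return "$rc"
}

# Use $FWDIR on a firewall node; otherwise use constructed sample files
# with the contents shown in steps 6 and 7.
dir="${FWDIR:-}"
if [ -z "$dir" ]; then
    dir=$(mktemp -d) && mkdir "$dir/conf"
    printf 'sbif1\nsbif2\n' > "$dir/conf/discntd.if"
    printf 'SyncMode=CPHAP\n' > "$dir/conf/sync.conf"
fi
if check_sync_conf "$dir" && check_discntd_if "$dir" sbif1 sbif2; then
    echo "sync files OK"
else
    echo "fix the files before restarting" >&2
fi
```

Because `cat >file` overwrites the file with whatever is typed until CTRL-D, a stray keystroke or an extra line ends up in the file; the check reports both.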
In the management GUI:
1. Select Policy->Properties and check Enable Gateway Cluster in the High
Availability tab.
2. Create a Workstation object for each gateway.
3. Create a Gateway Cluster object for the firewall cluster.
4. Assign the gateways to the Gateway Cluster in the General tab of the
Workstation Properties window.
5. Install the security policy to the Gateway Cluster.
Added 23rd Feb 2003