Cloning Groups

A Cloning Group is a collection of Gaia Security Gateways that synchronize their OS configurations and settings for a number of shared features, for example DNS or ARP.

Configuring Cloning Groups - Gaia Portal

Cloning Groups are configured from the Security Gateway Portal.

To create a new Cloning Group:

1. In your web browser, connect to the Gaia Portal on a Security Gateway.
2. Click System Management > Cloning Group.
3. Click Start Cloning Group Creation Wizard.
   The Cloning Group Creation Wizard opens.
4. Select Create a new Cloning Group.
   The New Gaia Cloning Group window opens.
     1. In the Cloning Group Name field, enter a name for the Cloning Group.
     2. In the IP for cloning field, select an IPv4 address (interface) for synchronizing settings between member Security Gateways. Select an interface on a secure internal network.
     3. In the Password field, enter a password for the administration account (cadmin). This password is necessary to:
       • Manage the Cloning Group
       • Add other Security Gateways to the Cloning Group
       • Create encrypted traffic between members of the Cloning Group
     4. In the Confirm Password field, enter the password again.
5. In the Shared Features screen, select features to clone to other members of the Cloning Group.
   Pay attention to the features you want to clone. For example, you might not want to clone static routes to Security Gateways that are members of a cluster.
6. Click Next for the Wizard Summary and then click Finish.

You can select any of these Shared Features:

| Shared Feature | Description |
|---|---|
| SNMP | Configure SNMP. |
| Banner Messages | Configure banner messages. |
| Job Scheduler | Schedule automated tasks that perform actions at a specific time. |
| DNS | Configure DNS servers. |
| ARP | Configure static ARP entries and proxy ARP entries, control dynamic ARP entries. |
| System Logging | Configure system logging settings. |
| Host Access Control | Configure which hosts are allowed to connect to the cluster devices. |
| Proxy Settings | Configure proxy settings. |
| Host Address Assignment | Configure known hosts. |
| NTP | Configure Network Time Protocol for synchronizing the system's clock over a network. |
| Password Policy | Configure password and account policies. |
| Time | Configure the time and date of the system. |
| Network Access | Configure network access to Gaia. |
| Display Format | Configure how the system displays time, date and netmask. |
| Mail Notification | Configure email address, to which Gaia sends mail notifications. |
| Inactivity timeout | Configure session parameters, such as inactivity timeout. |
| Users and Roles | Configure users and roles settings. |
| Static Routes | Configure static routes. |
| DHCP Relay | Configure relay of DHCP and BOOTP messages between clients and servers on different IPv4 Networks. |
| IPv6 DHCP Relay | Configure relay of DHCPv6 messages between clients and servers on different IPv6 Networks. |
| BGP | Configure dynamic routing via the Border Gateway Protocol. |
| IGMP | Establish multicast group memberships via the Internet Group Management Protocol. |
| PIM | Configure Protocol-Independent Multicast. |
| Static Multicast Routes | Configure static multicast routes. |
| RIP | Configure IPv4 dynamic routing via the Routing Information Protocol. |
| RIPng | Configure IPv6 dynamic routing via the Routing Information Protocol. |
| OSPF | Configure IPv4 dynamic routing via the Open Shortest-Path First v2 protocol. |
| IPv6 OSPF | Configure IPv6 dynamic routing via the Open Shortest-Path First v3 protocol. |
| Route Aggregation | Create a supernet network from the combination of networks with a common routing prefix. |
| Inbound Route Filters | Configure Inbound Route Filters for RIP, OSPFv2, BGP, and OSPFv3 (supports IPv4 and IPv6). |
| IP Reachability Detection | Configure reachability detection of IP Addresses. |
| Route Redistribution | Configure advertisement of routing information from one protocol to another (supports IPv4 and IPv6). |
| Route Map | Configure dynamic routing route maps. |
| Prefix Lists and Trees | Configure dynamic routing prefix lists and trees. |
| Routing Options | Configure protocol ranks and trace (debug) options. |
| Policy Based Routing | Configure policy based routing (PBR) priority rules and action tables. |
| Scheduled Backups | Configure Gaia scheduled backups. |

To manage the Cloning Group:

1. Sign out of the Gaia Portal.
2. Sign in to the same Gaia Portal using the cadmin account and password.
   (Alternatively, log in to the Gaia Portal on the Security Gateway using the cadmin credentials.)
   Important - No unique URL or IP address is needed to access the Cloning Group Portal or Clish command line. Use the URL or IP address of the member Security Gateway.
3. In System Management > Cloning Group, select features from the Shared Features.
4. Click Set Shared Features.
   The shared features are propagated to all members of the group. If, for example, you then configure a primary DNS server on one member of the Cloning Group, and DNS is one of the Shared Features, then the DNS settings are propagated to all members of the group. The DNS settings in the Portal of each member are grayed out.

A user who is granted Cloning Group administration privileges (the CloningGroupManagement RBA role) can manage the specific Cloning Group features granted by the administrator, and can grant Cloning Group capabilities to other users, including remote users. When these privileges are assigned, the Group Mode button shows in the Portal.

To manage a Cloning Group as an assigned administrator:

1. In your web browser, connect to the Gaia Portal on a Cloning Group member Security Gateway.
2. At the top, click Group Mode.
   The Security Gateway switches to Cloning Group management mode.

To join a Cloning Group:

1. In your web browser, connect to the Gaia Portal on a Security Gateway.
2. In System Management > Cloning Group, click Start Cloning Group Creation Wizard.
   The Cloning Group Wizard opens.
3. Select Join an existing Cloning Group.
4. The Join Existing Cloning Group window opens.
     • In the Remote Member Address field, enter the IPv4 address of a remote member of the Cloning Group.
     • In the IP for cloning field, select an IP address (interface) for synchronizing the settings between Security Gateways. Select an interface on a secure internal network. Make sure there is physical connectivity to the Gaia computer that runs the Cloning Group you want to join.
     • In the Password field, enter the password for the Cloning Group administration account (cadmin). This is the same password you entered when you created the Cloning Group you want to join. The cadmin password:
       • Lets you log in to the cadmin account
       • Is used to create authentication credentials for members during synchronization
5. Click Finish.

To create a Cloning Group that follows ClusterXL:

Select this option if the gateway is a member of a ClusterXL.

Note - If you select this option, you have to select it for all the members of the cluster.

1. In your web browser, connect to the Gaia Portal on a Security Gateway.
2. In System Management > Cloning Group, click Start Cloning Group Creation Wizard.
   The Cloning Group Creation Wizard opens.
3. Select Cloning Group follows ClusterXL.
     • Enter the Cloning Group name.
     • Enter a password for the Cloning Group administration account (cadmin).
4. Click Next for the Wizard Summary and then click Finish.
5. Repeat Steps 1-4 for all members of the cluster.

Configuring Cloning Groups - Gaia Clish

Cloning Groups can also be managed in Gaia Clish. When run from the cadmin account, these commands apply to all members of the Gaia group.

You can create Cloning Groups in Manual mode or in ClusterXL mode.

To create the first Cloning Group member in Manual mode:

1. Set the cloning group mode to manual
2. Set the cloning group local IP address
3. Set the cloning group password
4. Set the cloning group state to on
5. Optional: Set a name for the Cloning Group

To add other Security Gateways to the Cloning Group in Manual mode:

On each of those Security Gateways:

1. Set the cloning group mode to manual
2. Set the cloning group local IP address
3. Set the cloning group password
4. Run the join cloning group command to join the Cloning Group

To create Cloning Group members in ClusterXL mode:

On all member Security Gateways:

1. Set the cloning group mode to ClusterXL
2. Set the cloning group password
3. Set the cloning group state to on

To create a Cloning Group:

set cloning-group
      local-ip <IPv4 address>
      mode {manual | cluster-xl}
      name <Cloning Group name>
      password <password>
      state {on | off}

| Parameter | Description |
|---|---|
| local-ip <IPv4 address> | The IPv4 address used to synchronize shared features between members of the Cloning Group. |
| mode {manual \| cluster-xl} | The mode determines whether the Cloning Group is defined manually, or through ClusterXL. |
| name <Cloning Group name> | Name of the Cloning Group. |
| password <password> | Password for the administrator's (cadmin) account, used to access the Cloning Group configuration in the Gaia Portal, or Gaia Clish. When prompted, enter and confirm the password. |
| state {on \| off} | Turns the Cloning Group feature on or off. If you select off, the Security Gateway is removed from the Cloning Group. |

To add Shared Features:

add cloning-group shared-feature <Feature>

| Parameter | Description |
|---|---|
| <Feature> | The name of the feature to be synchronized between the members of the Cloning Group. |

Where:

| Name of Shared Feature | Description |
|---|---|
| aggregate | Configure route aggregation - create a supernet network from the combination of networks with a common routing prefix. |
| bgp | Configure dynamic routing via the Border Gateway Protocol. |
| bootp | Configure IPv4 DHCP Relay - relay of DHCP and BOOTP messages between clients and servers on different IPv4 Networks. |
| cron | Configure job scheduler - schedule automated tasks that perform actions at a specific time. |
| dhcp6relay | Configure IPv6 DHCP Relay - relay of DHCPv6 messages between clients and servers on different IPv6 Networks. |
| dns | Configure DNS servers. |
| hosts | Configure known hosts. |
| igmp | Establish multicast group memberships via the Internet Group Management Protocol. |
| inboundfilters | Configure Inbound Route Filters for RIP, OSPFv2, BGP, and OSPFv3 (supports IPv4 and IPv6). |
| ipreachdetect | Configure reachability detection of IP Addresses. |
| time | Configure the time and date of the system. |
| ntp | Configure Network Time Protocol (NTP) for synchronizing the system's clock over a network. |
| message | Configure banner messages. |
| ospf | Configure IPv4 dynamic routing via the Open Shortest-Path First v2 protocol. |
| ospf3 | Configure IPv6 dynamic routing via the Open Shortest-Path First v3 protocol. |
| password-controls | Configure password and account policies. |
| mailrelay | Configure email address, to which Gaia sends mail notifications. |
| display-format | Configure how the system displays time, date and netmask. |
| http | Configure session parameters, such as inactivity timeout. |
| net-access | Configure network access to Gaia. |
| users-and-roles | Configure users and roles settings. |
| arp | Configure static ARP entries and proxy ARP entries, control dynamic ARP entries. |
| syslog | Configure system logging settings. |
| proxy | Configure proxy settings. |
| host-access | Configure which hosts are allowed to connect to the cluster devices. |
| pbr | Configure policy based routing (PBR) priority rules and action tables. |
| pim | Configure Protocol-Independent Multicast. |
| prefix | Configure dynamic routing prefix lists and trees. |
| redistribution | Configure route redistribution - advertisement of routing information from one protocol to another (supports IPv4 and IPv6). |
| rip | Configure IPv4 dynamic routing via the Routing Information Protocol. |
| ripng | Configure IPv6 dynamic routing via the Routing Information Protocol. |
| routemap | Configure dynamic routing route maps. |
| routingoptions | Configure protocol ranks and trace (debug) options. |
| static | Configure static routes. |
| static-mroute | Configure static multicast routes. |
| snmp | Configure SNMP. |
| backup | Configure Gaia scheduled backups. |

To delete Shared Features:

delete cloning-group shared-feature <Feature>

| Parameter | Description |
|---|---|
| <Feature> | The name of the feature to be deleted from the list of shared features. |

To see the list of the enabled Shared Features, enter:

delete cloning-group shared-feature<SPACE><TAB>

To join a Cloning Group:

join cloning-group remote-ip <Cloning Group IPv4 address>

| Parameter | Description |
|---|---|
| <Cloning Group IPv4 address> | The IPv4 address of the Cloning Group member, to which you join. |

Note - This option is not available if you are logged into the cadmin account.
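
The Manual-mode and ClusterXL-mode procedures above can be turned into a reviewed command list before anyone types them into Gaia Clish. This Python helper is an added example, not part of the original guide and not Check Point code: it emits the page's commands in the order of the step lists, rejects feature names that are not in the Shared Feature table, and warns on two points the page raises (sync interface on an internal network, static routes cloned to cluster members). The function names and the RFC 1918 test for "internal" are assumptions, and the password is left as the literal <password> placeholder.

```python
import ipaddress

# Feature names accepted by "add cloning-group shared-feature", copied from this page.
FEATURES = set("""aggregate bgp bootp cron dhcp6relay dns hosts igmp inboundfilters
ipreachdetect time ntp message ospf ospf3 password-controls mailrelay display-format
http net-access users-and-roles arp syslog proxy host-access pbr pim prefix
redistribution rip ripng routemap routingoptions static static-mroute snmp backup""".split())

# Assumption: "secure internal network" is approximated here as RFC 1918 space.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def member_commands(mode, local_ip=None, join_ip=None, name=None):
    """Return (commands, warnings) for one gateway, in the order of the page's steps."""
    if mode == "cluster-xl":
        return ["set cloning-group mode cluster-xl",
                "set cloning-group password <password>",  # placeholder: secret never handled here
                "set cloning-group state on"], []
    if mode != "manual":
        raise ValueError(f"unknown mode: {mode}")
    if local_ip is None:
        raise ValueError("manual mode needs local_ip")
    ip = ipaddress.IPv4Address(local_ip)  # rejects malformed or IPv6 input
    warnings = []
    if not any(ip in net for net in INTERNAL):
        warnings.append(f"{ip} is not RFC 1918; sync should use an internal interface")
    cmds = ["set cloning-group mode manual",
            f"set cloning-group local-ip {ip}",
            "set cloning-group password <password>"]
    if join_ip:  # additional member: join through an existing member
        cmds.append(f"join cloning-group remote-ip {ipaddress.IPv4Address(join_ip)}")
    else:        # first member: turn the group on, optionally name it
        cmds.append("set cloning-group state on")
        if name:
            cmds.append(f"set cloning-group name {name}")
    return cmds, warnings


def feature_commands(features, group_has_cluster_members=False):
    """Return (commands, warnings) for sharing features from the cadmin account."""
    unknown = sorted(set(features) - FEATURES)
    if unknown:
        raise ValueError(f"not a shared-feature name on this page: {unknown}")
    warnings = []
    if group_has_cluster_members and "static" in features:
        warnings.append("static routes would be cloned to ClusterXL members")
    return [f"add cloning-group shared-feature {f}" for f in features], warnings
```

Treat any returned warning as a stop-and-review item before the commands are run on a gateway.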

To remove a member from a Cloning Group:

leave cloning-group

To remove an inaccessible Cloning Group member:

delete cloning-group disconnected-member <IPv4 address of Member>

| Parameter | Description |
|---|---|
| <IPv4 address of Member> | The IPv4 address of the Cloning Group member that became inaccessible. |

Note - Use this command only for troubleshooting purposes, when the remote Cloning Group member is not accessible. The normal way to remove a member from a Cloning Group is to run the leave cloning-group command on that member.

To view Cloning Group configuration:

show cloning-group
      local-ip
      members
      mode
      name
      shared-feature
      state
      status

| Parameter | Description |
|---|---|
| local-ip | The IPv4 address used to synchronize shared features between the members of the Cloning Group. |
| members | Shows the members of the Cloning Group. |
| mode | Shows the Cloning Group mode - Manual, or Cluster XL |
| name | Shows the name of the Cloning Group |
| shared-feature | Lists the shared features that are enabled to be used by all members of the Cloning Group. |
| state | Shows the Cloning Group state - enabled, or disabled. |
| status | Shows the status of the Cloning Group member. |

Note - This option is not available if you are logged into the cadmin account.

To re-synchronize a Cloning Group:

re-synch cloning-group

When a user (local or remote) receives Cloning Group management privileges, they can turn the Cloning Group management mode on to create, delete, and edit Cloning Groups.

To turn on the Cloning Group management mode:

set cloning-group-management {on | off}

| Parameter | Description |
|---|---|
| on | Enables the Cloning Group management mode. |
| off | Disables the Cloning Group management mode. |