Multi-Version Cluster Limitations

Specific limitations apply to Multi-Version Cluster.

General limitations in Multi-Version Cluster configuration

  • The Multi-Version Cluster (MVC) upgrade does not support the replacement of the hardware (replacing the entire cluster member).

    The MVC upgrade supports only multi-version software.

  • While the cluster contains Cluster Members that run different software versions (Multi-Version Cluster), it is not supported to change specific settings of the cluster object in SmartConsole.

    • You cannot change the cluster mode.

      For example, from High Availability to Load Sharing.

    • In the High Availability mode, you cannot change the recovery mode.

      For example, from Maintain current active Cluster Member to Switch to higher priority Cluster Member.

    • You cannot change the cluster topology.

      Do not add, remove, or edit settings of cluster interfaces (IP addresses, Network Objectives, and so on).

      In a VSX Cluster object, do not add, remove, or edit static routes.

    Note - You can change these settings either before or after you upgrade all the Cluster Members.

  • While the cluster contains Cluster Members that run different software versions (Multi-Version Cluster), you must install the policy two times.

  • Multi-Version Cluster (MVC) does not support Cluster Members with Dynamically Assigned IP Addresses (DAIP).

Limitations during failover in Multi-Version Cluster

These connections do not survive failover between Cluster Members with different versions:

  • VPN:

    • During a cluster failover from an R80.40 Cluster Member to an R77.30 Cluster Member, all VPN connections on an R80.40 Cluster Member that are inspected on CoreXL Firewall instances #1 and higher, are lost.

    • Mobile Access VPN connections.

    • Remote Access VPN connections.

    • VPN Traditional Mode connections.

  • Static NAT connections are cut off during a cluster failover from an R80.40 Cluster Member to an R80.10 or R77.30 Cluster Member, if VMAC mode is enabled in this cluster.

  • Identity Awareness connections.

  • Data Loss Prevention (DLP) connections.

  • IPv6 connections.

  • Threat Emulation connections.

  • PSL connections that are open during fail-over and then fail-back.

In addition, see the R80.40 ClusterXL Administration Guide > Chapter High Availability and Load Sharing Modes in ClusterXL > Section Cluster Failover.