Example Proxy HA configuration using HAProxy (mfend replacement)

Overview:

Starting with MWG version 8.2, McAfee introduced a new HAProxy feature. This makes manual changes mandatory if you update from an older version that uses mfend. This article shows a simple example configuration for Proxy HA mode.

 

Action plan:

  • Upgrade or install latest main version
  • Perform configuration changes as indicated below
  • In case of any failures, create a Service Request and provide:
      - the feedback file
      - a short description of the interfaces used and their purpose (in-/outbound, IP addresses)

 

Example Proxy HA configuration

This is an example configuration for a Proxy HA cluster with 2 MWGs.

 

Interfaces:

MWG1 eth0: 10.116.40.3

MWG2 eth0: 10.116.40.4

 

MWG1 Configuration:

Scanners table: 10.116.40.4 (type: Peer Director), 10.116.40.3 (type: Scanner)

Director priority: 90

VIP: 10.116.40.5

VRRP: eth0

HTTP: 10.116.40.3:9090 (in general, bind the management IP address to every port you want to configure)

FTP (if enabled): 10.116.40.3:2121

 

MWG2 Configuration:

Scanners table: 10.116.40.3 (type: Peer Director), 10.116.40.4 (type: Scanner)

Director priority: 50

VIP: 10.116.40.5

VRRP: eth0

HTTP: 10.116.40.4:9090 (in general, bind the management IP address to every port you want to configure)

FTP (if enabled): 10.116.40.4:2121

 

Test HA feature from GUI on the active director:

"Troubleshooting" > "Network tools" > type in parameter "all" > choose "hastats".

 

Output on active director:

hastats all :
Mode:  Active Director
HTTP - IPv4
+-------------+------+-------------------+-------------------+
|   Server    |Status|Sessions per Second|Cumulative Sessions|
+-------------+------+-------------------+-------------------+
|10.116.40.4  |  UP  |         0         |         0         |
+-------------+------+-------------------+-------------------+
|10.116.40.3  |  UP  |         0         |         0         |
+-------------+------+-------------------+-------------------+
FTP not configured

 

If you run the test on the redundant director, the output only tells you to run this command on the active director.

 

NOTES:

  • Director priority = 0: scanning-only node
  • Director priority > 0: possible director node
  • If you want to configure a scanning-only machine, set the director priority to 0 and most options will automatically grey out.
  • In this case you MUST change the HTTP listener from 10.116.40.3:9090 back to 0.0.0.0:9090 (same for any other active listener)
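
The rules above can be checked mechanically before the settings are entered on each appliance. The following is an added example, not McAfee code: the dict layout and the lint() helper are hypothetical (not an MWG file format), and the addresses are the ones used in this article.

```python
# Added example: lint a Proxy HA plan against the rules stated in this article.
# The dict layout is hypothetical (not an MWG file format); the addresses are
# the article's own example values.
NODES = {
    "MWG1": {"ip": "10.116.40.3", "priority": 90, "vip": "10.116.40.5",
             "listeners": {"HTTP": "10.116.40.3:9090"},
             "scanners": {"10.116.40.4": "Peer Director",
                          "10.116.40.3": "Scanner"}},
    "MWG2": {"ip": "10.116.40.4", "priority": 50, "vip": "10.116.40.5",
             "listeners": {"HTTP": "10.116.40.4:9090"},
             "scanners": {"10.116.40.3": "Peer Director",
                          "10.116.40.4": "Scanner"}},
}


def lint(nodes):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    vips = sorted({n["vip"] for n in nodes.values()})
    if len(vips) != 1:
        findings.append(f"VIP differs between nodes: {vips}")
    for name, n in nodes.items():
        director = n["priority"] > 0  # priority 0 = scanning-only node
        # Directors bind each listener to their own IP; scanning-only nodes
        # must listen on 0.0.0.0 instead.
        want = n["ip"] if director else "0.0.0.0"
        for proto, listener in n["listeners"].items():
            host, _, port = listener.rpartition(":")
            if host != want:
                findings.append(
                    f"{name}: {proto} listener {listener} should bind {want}:{port}")
        if not director:
            continue
        # As in the example, a director lists itself as Scanner and every
        # other director as Peer Director.
        if n["scanners"].get(n["ip"]) != "Scanner":
            findings.append(f"{name}: {n['ip']} not listed as Scanner")
        for peer_name, peer in nodes.items():
            if peer_name == name or peer["priority"] == 0:
                continue
            if n["scanners"].get(peer["ip"]) != "Peer Director":
                findings.append(f"{name}: {peer['ip']} not listed as Peer Director")
    return findings


if __name__ == "__main__":
    for finding in lint(NODES) or ["plan is consistent with the article's rules"]:
        print(finding)
```

Setting a node's priority to 0 without moving its listeners back to 0.0.0.0 is reported as a finding, which is the case the last note warns about.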
Version history: revision 4 of 4. Last update: 2 weeks ago.
 
