This is my first post, so please be gentle...
In our deployment we have 1x ESM, 1x ELM, 1x ACE and 4x ERC that are to be configured in 2x HA pairs. We are using version 9.6, MR9.
Each ERC has 2 interfaces:
eth0 is the mgmt1 port and this should be used for connectivity to the ESM etc. via the MGMT network.
eth1 is to use a shared IP on the PROD network for data collection in the estate.
We have added the first ERC to the ESM using the MGMT IP address, all ok so far.
The problem occurs when we try and configure the HA pair of ERC. I've followed the McAfee HA configuration guide to the letter, but it's failing.
It seems the HA setup is moving the PROD (shared) IP to eth0 and the MGMT IP to eth1.
Has anyone seen this problem before?
It depends on which models you have, and we've had a lot of issues setting up receivers in HA. I'd suggest calling support for this one since there are a lot of gotchas and even with a senior engineer giving us a method, it still hasn't been 100% effective in pairing receivers.
We are using 1260 ERCs. From searching the community it seems these are the ones that people have problems setting up in HA?
I will give support a call and run through the HA config with them. Hopefully it works out as the ERCs are in a datacentre 150 miles away from the office I work in.
I run 6 ERC-4600. So I have 3 HA pairs.
You do not need two interfaces; only one is impossible.
Configure your primary ERC with the shared IP you want to use for the first HA-Cluster. Import this ERC via the SIEM GUI as a single ERC. After that you can configure the HA for this pair. During the configuration you should change the IP address of the interface from the primary Receiver. Also add the IP address for the secondary. After the configuration you should see in the Receiver Properties --> Receiver Configuration --> Network that the first interface is configured as the shared interface.
Thanks for the reply. Glad to see someone has got the ERCs working in HA.
The problem we have is the ESM has no access to the PROD network that the ERCs should be using to receive data. It only has access to the MGMT network.
So once the IPs get switched around as part of the HA config there is no way for the ESM to communicate with the ERC.
After the HA failure, we can no longer SSH to the primary ERC as the IPs have been switched around.