Showing results for 
Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 4

2 MWG 7.x devices and HA

I have 2 MWGs.  They were setup clustered for management purposes, but each one was in a different building on our campus.  Each one handled authentication and each one had a separate internet connection.  We are in the process of moving everything to one central location (one of the existing buildings).  This is mostly due to centralizing our internet services.  So currently, the MWG in the other building is just sitting there, with no traffic going through it.  What I would like to do is shut it down, bring it over to this building, and put it in place here and use it for some sort of load balancing or HA setup.  What is currently the best practice in this situation?  I understand it might require some pro services but I am just trying to get a feel for what exactly is required. 

3 Replies

Re: 2 MWG 7.x devices and HA


The HA that comes with the product allows an active/active configuration. Both MWGs will share a single virtual IP address and both machines will handle the load. If one node goes down there may be a short interruption of only a few seconds, and the remaining box will continue filtering.

This setup may work fine for you, but it is important to mention that in case of a failure one node has to handle the complete load, so this does not work if two nodes are required to handle the traffic from a sizing perspective.

If this is not a problem, and there is not a downstream proxy/nat device between the clients and MWG, this may be the easiest setup.

Certainly there are a lot of other ways to deploy, I guess someone else will have a different opinion 🙂



Level 7
Report Inappropriate Content
Message 3 of 4

Re: 2 MWG 7.x devices and HA


I would have to do some more research to see if one of them will handle the current traffic, as well as the expected traffic growth.  Where can I find these specs to let me know what the limits are?

Level 12
Report Inappropriate Content
Message 4 of 4

Re: 2 MWG 7.x devices and HA

I think it may be as easy as

a) From teh config> appliances tab on the master,  delete the box from teh other build from teh appliances cluster

b) move the box.  Reconfig it to its new IP if need be

c) re-add it to the cluster under Config> Appliances  ... and I suspect the policy config will just work.

If you're using a shared VIP and failover a talk with someone of L2 support horsepower should be all you need to configure the vip.  From teh policy sharing persepctive, these things seem pretty low drama yanking them out and re-adding them to a cluster.

If the IP isn't changing during the move, you may not have to do anything at all.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community